Merge branch 'master' of https://github.com/major/MySQLTuner-perl
This commit is contained in:
		
						commit
						da858bd936
					
				
					 9 changed files with 828 additions and 562 deletions
				
			
		
							
								
								
									
										1
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										1
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							|  | @ -3,3 +3,4 @@ build/mysqltuner.spec | |||
| build/build.log | ||||
| build/cve* | ||||
| build/vulnerabilities* | ||||
| *.bak | ||||
|  |  | |||
|  | @ -27,7 +27,7 @@ following restrictions: | |||
|   respect the opinions of others. | ||||
| 
 | ||||
| 
 | ||||
| ##Before submitting an issue## | ||||
| ## Before submitting an issue | ||||
| 
 | ||||
| 1. Upgrade to the latest version of MySQLTuner and see if the problem remains | ||||
| 
 | ||||
|  | @ -47,7 +47,7 @@ Good bug reports are extremely helpful — thank you! | |||
| 
 | ||||
| Guidelines for bug reports: | ||||
| 
 | ||||
| 1. **Use the [GitHub issue search](https://github.com/major/MySQLTuner-perl/search?type=Issues)** — check if the issue has already been | ||||
| 1. **Use the [GitHub issue search]** — check if the issue has already been | ||||
|    reported. | ||||
| 
 | ||||
| 2. **Check if the bug has already been fixed** — try to reproduce it using the | ||||
|  | @ -100,13 +100,13 @@ to MySQLTuner will be evaluated on a combination of scope (how well it fits into | |||
| project), maintenance burden and general usefulness. | ||||
| 
 | ||||
| Creating something great often means saying no to seemingly good ideas. Don't | ||||
| dispair if your feature request isn't accepted, take action! Fork the | ||||
| despair if your feature request isn't accepted, take action! Fork the | ||||
| repository, build your idea and share it with others. We released MySQLTuner under | ||||
| the MIT License for this purpose precisely. Open source works best when smart | ||||
| and dedicated people riff off of each others' ideas to make even greater things. | ||||
| 
 | ||||
| ## New feature request ## | ||||
| * You can find Enhancement asked by community at [Enhancement issue](https://github.com/major/MySQLTuner-perl/labels/enhancement) | ||||
| ## New feature request | ||||
| You can find Enhancement asked by community at [Enhancement issue] | ||||
| 
 | ||||
| <a name="pull-requests"></a> | ||||
| ## Pull requests | ||||
|  | @ -153,8 +153,7 @@ these guidelines is the best way to get your work included in MySQLTuner. | |||
|    git checkout -b <topic-branch-name> | ||||
|    ``` | ||||
| 
 | ||||
| 4. Commit your changes in logical chunks. Please adhere to these [git commit | ||||
|    message guidelines](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) | ||||
| 4. Commit your changes in logical chunks. Please adhere to these [git commit message guidelines] | ||||
|    or your code is unlikely be merged into the main project. Use Git's | ||||
|    [interactive rebase](https://help.github.com/articles/interactive-rebase) | ||||
|    feature to tidy up your commits before making them public. | ||||
|  | @ -171,18 +170,23 @@ these guidelines is the best way to get your work included in MySQLTuner. | |||
|    git push origin <topic-branch-name> | ||||
|    ``` | ||||
| 
 | ||||
| 7. [Open a Pull Request](https://help.github.com/articles/using-pull-requests/) | ||||
|     with a clear title and description. | ||||
| 7. [Open a Pull Request] with a clear title and description. | ||||
| 
 | ||||
| **IMPORTANT**: By submitting a patch, you agree to allow the project owner to | ||||
| license your work under the [GPLv3 License](https://en.wikipedia.org/wiki/GNU_General_Public_License). | ||||
| license your work under the [GPLv3 License]. | ||||
| 
 | ||||
| Copy of the license is available at [LICENSE](https://github.com/major/MySQLTuner-perl/blob/master/LICENSE) | ||||
| Copy of the license is available at [LICENSE] | ||||
| 
 | ||||
| <a name="code-conventions"></a> | ||||
| #### MySQLTuner Code Conventions | ||||
| ## MySQLTuner Code Conventions | ||||
| 
 | ||||
| 1. Check code convention using **perltidy** and **perlcritic** | ||||
| 2. Don't manually update the version number in `mysqltuner.pl`.  | ||||
| 
 | ||||
| 
 | ||||
| [Enhancement issue]:https://github.com/major/MySQLTuner-perl/labels/enhancement | ||||
| [GitHub issue search]:https://github.com/major/MySQLTuner-perl/search?type=Issues | ||||
| [git commit message guidelines]:http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html | ||||
| [Open a Pull Request]:https://help.github.com/articles/using-pull-requests/ | ||||
| [GPLv3 License]:https://en.wikipedia.org/wiki/GNU_General_Public_License | ||||
| [LICENSE]:https://github.com/major/MySQLTuner-perl/blob/master/LICENSE | ||||
|  |  | |||
|  | @ -249,6 +249,10 @@ | |||
| 	* Joiner(Try to reach cluster group) | ||||
| 	* SYNCED state able to read/write | ||||
| * wsrep_cluster_conf_id configuration level must be identical in all nodes | ||||
| * wsrep_slave_thread is between 3 or 4 times number of CPU core. | ||||
| * gcs.limit should be equal to wsrep_slave_threads * 5 | ||||
| * gcs.fc_factor should be equal to 0.8 | ||||
| * Flow control fraction should be lower than 0.02 (wsrep_flow_control_paused < 0.02) | ||||
| * wsrep_last_commited committed level must be identical in all nodes | ||||
| * Look for tables without primary keys | ||||
| * Look for non InnoDB tables for Galera | ||||
|  | @ -292,7 +296,9 @@ | |||
| * thread_pool_size between 4 to 8 for MyIsam usage | ||||
| 
 | ||||
| ## MySQLTuner performance schema and sysschema information | ||||
| 
 | ||||
| * Check that Performance schema is activated for 5.6+ version | ||||
| * Check that Performance schema is disactivated for 5.5- version | ||||
| * Check that Sys schema is installed | ||||
| * sys Schema version | ||||
| * Top user per connection | ||||
| * Top user per statement | ||||
|  |  | |||
							
								
								
									
										18
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										18
									
								
								README.md
									
									
									
									
									
								
							|  | @ -11,10 +11,10 @@ MySQLTuner-perl | |||
| 
 | ||||
| **MySQLTuner** supports in this last version ~300 indicators for MySQL/MariaDB/Percona Server.  | ||||
| 
 | ||||
| **MySQLTuner** is maintained and indicator collect is increasing week after week supporting a lot of configuration such as , , , Linux OS metrics, , , , ...  | ||||
| **MySQLTuner** is maintained and indicator collect is increasing week after week supporting a lot of configuration such as [Galera Cluster](http://galeracluster.com/), [TokuDB](https://www.percona.com/software/mysql-database/percona-tokudb), [Performance schema](https://github.com/mysql/mysql-sys), Linux OS metrics, [InnoDB](http://dev.mysql.com/doc/refman/5.7/en/innodb-storage-engine.html), [MyISAM](http://dev.mysql.com/doc/refman/5.7/en/myisam-storage-engine.html), [Aria](https://mariadb.com/kb/en/mariadb/aria/), ...  | ||||
| 
 | ||||
| You can found more details on this indicators  | ||||
| . | ||||
| You can find more details on these indicators here: | ||||
| [Indicators description](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md). | ||||
| 
 | ||||
| 
 | ||||
|  | ||||
|  | @ -24,7 +24,7 @@ MySQLTuner needs you: | |||
| 
 | ||||
| **MySQLTuner** needs contributors for documentation, code and feedbacks.. | ||||
| 
 | ||||
| * Please join us on issue track at [GitHub tracker](https://github.com/major/MySQLTuner-perl/issues)</a>. | ||||
| * Please join us on issue track at [GitHub tracker](https://github.com/major/MySQLTuner-perl/issues). | ||||
| * Contribution guide is available following [MySQLTuner contributing guide](https://github.com/major/MySQLTuner-perl/blob/master/CONTRIBUTING.md) | ||||
| * Star **MySQLTuner project** at [MySQLTuner Git Hub Project](https://github.com/major/MySQLTuner-perl) | ||||
|            | ||||
|  | @ -57,6 +57,14 @@ MySQL in other areas. | |||
| 
 | ||||
| **Seriously - please review the FAQ section below.** | ||||
| 
 | ||||
| 
 | ||||
| Security recommandations | ||||
| -- | ||||
| 
 | ||||
| Hi directadmin user!  | ||||
| We detected that you run mysqltuner with da_admin's credentials taken from /usr/local/directadmin/conf/my.cnf, which might bring to a password discovery!  | ||||
| Read link for more details [Issue #289](https://github.com/major/MySQLTuner-perl/issues/289). | ||||
| 
 | ||||
| What MySQLTuner is checking exactly ?  | ||||
| -- | ||||
| All checks done by **MySQLTuner** are documented in [MySQLTuner Internals](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md) documentation. | ||||
|  | @ -230,7 +238,7 @@ MySQLTuner needs you | |||
| -- | ||||
| **MySQLTuner** needs contributors for documentation, code and feedbacks.. | ||||
| 
 | ||||
| * Please join us on issue track at [GitHub tracker](https://github.com/major/MySQLTuner-perl/issues)</a>. | ||||
| * Please join us on issue track at [GitHub tracker](https://github.com/major/MySQLTuner-perl/issues). | ||||
| * Contribution guide is avalaible following [MySQLTuner contributing guide](https://github.com/major/MySQLTuner-perl/blob/master/CONTRIBUTING.md) | ||||
| * Star **MySQLTuner project** at [MySQLTuner Git Hub Project](https://github.com/major/MySQLTuner-perl) | ||||
|            | ||||
|  |  | |||
							
								
								
									
										4
									
								
								USAGE.md
									
									
									
									
									
								
							
							
						
						
									
										4
									
								
								USAGE.md
									
									
									
									
									
								
							|  | @ -1,6 +1,6 @@ | |||
| # NAME | ||||
| 
 | ||||
|     MySQLTuner 1.6.20 - MySQL High Performance Tuning Script | ||||
|     MySQLTuner 1.7.0 - MySQL High Performance Tuning Script | ||||
| 
 | ||||
| # IMPORTANT USAGE GUIDELINES | ||||
| 
 | ||||
|  | @ -15,7 +15,9 @@ You must provide the remote server's total memory when connecting to other serve | |||
|     --socket <socket>    Use a different socket for a local connection | ||||
|     --port <port>        Port to use for connection (default: 3306) | ||||
|     --user <username>    Username to use for authentication | ||||
|     --userenv <envvar>   Name of env variable which contains username to use for authentication | ||||
|     --pass <password>    Password to use for authentication | ||||
|     --passenv <envvar>   Name of env variable which contains password to use for authentication | ||||
|     --mysqladmin <path>  Path to a custom mysqladmin executable | ||||
|     --mysqlcmd <path>    Path to a custom mysql executable | ||||
|      --defaults-file <path>  Path to a custom .my.cnf | ||||
|  |  | |||
|  | @ -64,9 +64,11 @@ foreach my $line (@lines) { | |||
|          | ||||
|         foreach my $vers (uniq(@versions)) { | ||||
|             my @nb=split('\.', $vers); | ||||
|             $nb[2]-- if ($line =~ /before/i); | ||||
|             #print $vers."\n".Dumper @nb; | ||||
|             #exit 0; | ||||
|             $f->write_file('file' => '../vulnerabilities.csv', 'content' => "$vers;$nb[0];$nb[1];$nb[2];$line\n", 'mode' => 'append'); | ||||
|             #print "$line"; | ||||
|             #exit 0 if ($line =~/before/i) ; | ||||
|             $f->write_file('file' => '../vulnerabilities.csv', 'content' => "$nb[0].$nb[1].$nb[2];$nb[0];$nb[1];$nb[2];$line\n", 'mode' => 'append'); | ||||
|         } | ||||
| 	} | ||||
| } | ||||
|  |  | |||
							
								
								
									
										15
									
								
								build/updateStaff.sh
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										15
									
								
								build/updateStaff.sh
									
									
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,15 @@ | |||
| #!/bin/sh | ||||
| 
 | ||||
| (cd .. | ||||
| echo "* GENERATING USAGE FILE" | ||||
| pod2markdown mysqltuner.pl >USAGE.md | ||||
| echo "* TIDYFY SCRIPT" | ||||
| perltidy -b mysqltuner.pl | ||||
| ) | ||||
| echo "* Udate CVE list" | ||||
| perl updateCVElist.pl | ||||
| 
 | ||||
| git add ../vulnerabilities.csv ../mysqltuner.pl ./USAGE.md | ||||
| git commit -m 'Update Vulnerabilities list | ||||
| Identing mysqltuner | ||||
| Update Usage information' | ||||
							
								
								
									
										334
									
								
								mysqltuner.pl
									
									
									
									
									
								
							
							
						
						
									
										334
									
								
								mysqltuner.pl
									
									
									
									
									
								
							|  | @ -1,7 +1,7 @@ | |||
| #!/usr/bin/env perl | ||||
| # mysqltuner.pl - Version 1.7.0 | ||||
| # mysqltuner.pl - Version 1.7.1 | ||||
| # High Performance MySQL Tuning Script | ||||
| # Copyright (C) 2006-2016 Major Hayden - major@mhtx.net | ||||
| # Copyright (C) 2006-2017 Major Hayden - major@mhtx.net | ||||
| # | ||||
| # For the latest updates, please visit http://mysqltuner.com/ | ||||
| # Git repository available at http://github.com/major/MySQLTuner-perl | ||||
|  | @ -31,6 +31,7 @@ | |||
| #   Simon Greenaway        Adam Stein           Isart Montane | ||||
| #   Baptiste M.            Cole Turner          Major Hayden | ||||
| #   Joe Ashcraft           Jean-Marie Renouard  Christian Loos | ||||
| #   Julien Francoz | ||||
| # | ||||
| # Inspired by Matthew Montgomery's tuning-primer.sh script: | ||||
| # http://forge.mysql.com/projects/view.php?id=44 | ||||
|  | @ -54,7 +55,7 @@ $Data::Dumper::Pair = " : "; | |||
| #use Env; | ||||
| 
 | ||||
| # Set up a few variables for use in the script | ||||
| my $tunerversion = "1.7.0"; | ||||
| my $tunerversion = "1.7.1"; | ||||
| my ( @adjvars, @generalrec ); | ||||
| 
 | ||||
| # Set defaults | ||||
|  | @ -193,12 +194,12 @@ my $basic_password_files = | |||
|   : abs_path( $opt{passwordfile} ); | ||||
| 
 | ||||
| # Username from envvar | ||||
| if (exists $opt{userenv} && exists $ENV{ $opt{userenv} }) { | ||||
| if ( exists $opt{userenv} && exists $ENV{ $opt{userenv} } ) { | ||||
|     $opt{user} = $ENV{ $opt{userenv} }; | ||||
| } | ||||
| 
 | ||||
| # Related to password option | ||||
| if (exists $opt{passenv} && exists $ENV{ $opt{passenv} }) { | ||||
| if ( exists $opt{passenv} && exists $ENV{ $opt{passenv} } ) { | ||||
|     $opt{pass} = $ENV{ $opt{passenv} }; | ||||
| } | ||||
| $opt{pass} = $opt{password} if ( $opt{pass} eq 0 and $opt{password} ne 0 ); | ||||
|  | @ -299,9 +300,18 @@ sub infoprinthcmd { | |||
|     infoprintcmd "$_[1]"; | ||||
| } | ||||
| 
 | ||||
| # Calculates the number of phyiscal cores considering HyperThreading  | ||||
| sub cpu_cores { | ||||
|     my $cntCPU = `awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 };  END { print CPUs*CORES }' /proc/cpuinfo`; | ||||
|     return ( $cntCPU == 0 ? `nproc` : $cntCPU ); | ||||
| } | ||||
| 
 | ||||
| # Calculates the parameter passed in bytes, then rounds it to one decimal place | ||||
| sub hr_bytes { | ||||
|     my $num = shift; | ||||
|     return "0B" unless defined($num); | ||||
|     return "0B" if $num eq "NULL"; | ||||
| 
 | ||||
|     if ( $num >= ( 1024**3 ) ) {    #GB | ||||
|         return sprintf( "%.1f", ( $num / ( 1024**3 ) ) ) . "G"; | ||||
|     } | ||||
|  | @ -316,11 +326,30 @@ sub hr_bytes { | |||
|     } | ||||
| } | ||||
| 
 | ||||
| sub hr_raw { | ||||
|     my $num = shift; | ||||
|     return "0" unless defined($num); | ||||
|     return "0" if $num eq "NULL"; | ||||
|     if ( $num =~ /^(\d+)G$/ ) { | ||||
|         return $1 * 1024 * 1024 * 1024; | ||||
|     } | ||||
|     if ( $num =~ /^(\d+)M$/ ) { | ||||
|         return $1 * 1024 * 1024; | ||||
|     } | ||||
|     if ( $num =~ /^(\d+)K$/ ) { | ||||
|         return $1 * 1024; | ||||
|     } | ||||
|     if ( $num =~ /^(\d+)$/ ) { | ||||
|         return $1; | ||||
|     } | ||||
|     return $num; | ||||
| } | ||||
| 
 | ||||
| # Calculates the parameter passed in bytes, then rounds it to the nearest integer | ||||
| sub hr_bytes_rnd { | ||||
|     my $num = shift; | ||||
|     return "0B" unless  defined($num) ; | ||||
|     return "0B" if $num eq "NULL" ; | ||||
|     return "0B" unless defined($num); | ||||
|     return "0B" if $num eq "NULL"; | ||||
| 
 | ||||
|     if ( $num >= ( 1024**3 ) ) {    #GB | ||||
|         return int( ( $num / ( 1024**3 ) ) ) . "G"; | ||||
|  | @ -508,16 +537,15 @@ sub validate_tuner_version { | |||
|     } | ||||
| 
 | ||||
|     my $update; | ||||
|     my $url = | ||||
| "https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl"; | ||||
|     my $url = "https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl"; | ||||
|     my $httpcli = get_http_cli(); | ||||
|     if ( $httpcli =~ /curl$/ ) { | ||||
|         debugprint "$httpcli is available."; | ||||
| 
 | ||||
|         debugprint | ||||
| "$httpcli --connect-timeout 5 -silent '$url' 2>/dev/null | grep 'my \$tunerversion'| cut -d\\\" -f2"; | ||||
| "$httpcli -m 3 -silent '$url' 2>/dev/null | grep 'my \$tunerversion'| cut -d\\\" -f2"; | ||||
|         $update = | ||||
| `$httpcli --connect-timeout 5 -silent '$url' 2>/dev/null | grep 'my \$tunerversion'| cut -d\\\" -f2`; | ||||
| `$httpcli -m 3 -silent '$url' 2>/dev/null | grep 'my \$tunerversion'| cut -d\\\" -f2`; | ||||
|         chomp($update); | ||||
|         debugprint "VERSION: $update"; | ||||
| 
 | ||||
|  | @ -529,15 +557,18 @@ sub validate_tuner_version { | |||
|         debugprint "$httpcli is available."; | ||||
| 
 | ||||
|         debugprint | ||||
| "$httpcli -e timestamping=off -t 1 -T 5 -O - '$url' 2>$devnull| grep 'my \$tunerversion'| cut -d\\\" -f2"; | ||||
| "$httpcli -e timestamping=off -t 1 -T 3 -O - '$url' 2>$devnull| grep 'my \$tunerversion'| cut -d\\\" -f2"; | ||||
|         $update = | ||||
| `$httpcli -e timestamping=off -t 1 -T 5 -O - '$url' 2>$devnull| grep 'my \$tunerversion'| cut -d\\\" -f2`; | ||||
| `$httpcli -e timestamping=off -t 1 -T 3 -O - '$url' 2>$devnull| grep 'my \$tunerversion'| cut -d\\\" -f2`; | ||||
|         chomp($update); | ||||
|         compare_tuner_version($update); | ||||
|         return; | ||||
|     } | ||||
|     debugprint "curl and wget are not available."; | ||||
|     infoprint "Unable to check for the latest MySQLTuner version"; | ||||
|     infoprint | ||||
| "Using --pass and --password option is insecure during MySQLTuner execution(Password disclosure)" | ||||
|       if ( defined( $opt{'pass'} ) ); | ||||
| } | ||||
| 
 | ||||
| # Checks for updates to MySQLTuner | ||||
|  | @ -548,7 +579,6 @@ sub update_tuner_version { | |||
|         return; | ||||
|     } | ||||
| 
 | ||||
|     #use Cwd; | ||||
|     my $update; | ||||
|     my $url = "https://raw.githubusercontent.com/major/MySQLTuner-perl/master/"; | ||||
|     my @scripts = | ||||
|  | @ -563,9 +593,9 @@ sub update_tuner_version { | |||
|             debugprint "$httpcli is available."; | ||||
| 
 | ||||
|             debugprint | ||||
|               "$httpcli --connect-timeout 5 '$url$script' 2>$devnull > $script"; | ||||
|               "$httpcli --connect-timeout 3 '$url$script' 2>$devnull > $script"; | ||||
|             $update = | ||||
|               `$httpcli --connect-timeout 5 '$url$script' 2>$devnull > $script`; | ||||
|               `$httpcli --connect-timeout 3 '$url$script' 2>$devnull > $script`; | ||||
|             chomp($update); | ||||
|             debugprint "$script updated: $update"; | ||||
| 
 | ||||
|  | @ -582,9 +612,9 @@ sub update_tuner_version { | |||
|             debugprint "$httpcli is available."; | ||||
| 
 | ||||
|             debugprint | ||||
|               "$httpcli -qe timestamping=off -T 5 -O $script '$url$script'"; | ||||
|               "$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'"; | ||||
|             $update = | ||||
|               `$httpcli -qe timestamping=off -T 5 -O $script '$url$script'`; | ||||
|               `$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'`; | ||||
|             chomp($update); | ||||
| 
 | ||||
|             if ( -s $script eq 0 ) { | ||||
|  | @ -619,7 +649,7 @@ sub compare_tuner_version { | |||
|     #exit 0; | ||||
|     if ( $remoteversion ne $tunerversion ) { | ||||
|         badprint | ||||
|           "There is a new version of MySQLTuner available ($remoteversion)"; | ||||
|           "There is a new version of MySQLTuner available($remoteversion)"; | ||||
|         update_tuner_version(); | ||||
|         return; | ||||
|     } | ||||
|  | @ -685,15 +715,16 @@ sub mysql_setup { | |||
| 
 | ||||
|     debugprint "MySQL Client: $mysqlcmd"; | ||||
| 
 | ||||
|     $opt{port} = ( $opt{port} eq 0 ) ? 3306 : $opt{port}; | ||||
| 
 | ||||
|     # Are we being asked to connect via a socket? | ||||
|     if ( $opt{socket} ne 0 ) { | ||||
|         $remotestring = " -S $opt{socket}"; | ||||
|         $remotestring = " -S $opt{socket} -P $opt{port}"; | ||||
|     } | ||||
|      | ||||
|     # Are we being asked to connect to a remote server? | ||||
|     if ( $opt{host} ne 0 ) { | ||||
|         chomp( $opt{host} ); | ||||
|         $opt{port} = ( $opt{port} eq 0 ) ? 3306 : $opt{port}; | ||||
| 
 | ||||
| # If we're doing a remote connection, but forcemem wasn't specified, we need to exit | ||||
|         if (   $opt{'forcemem'} eq 0 | ||||
|  | @ -708,6 +739,8 @@ sub mysql_setup { | |||
|         if ( ( $opt{host} ne "127.0.0.1" ) && ( $opt{host} ne "localhost" ) ) { | ||||
|             $doremote = 1; | ||||
|         } | ||||
|     } else { | ||||
|       $opt{host}='127.0.0.1'; | ||||
|     } | ||||
| 
 | ||||
|     # Did we already get a username without password on the command line? | ||||
|  | @ -1031,7 +1064,8 @@ sub get_all_vars { | |||
| 
 | ||||
|     # Support GTID MODE FOR MARIADB | ||||
|     # Issue MariaDB GTID mode #272 | ||||
|     $myvar{'gtid_mode'}=$myvar{'gtid_strict_mode'} if (defined($myvar{'gtid_strict_mode'})); | ||||
|     $myvar{'gtid_mode'} = $myvar{'gtid_strict_mode'} | ||||
|       if ( defined( $myvar{'gtid_strict_mode'} ) ); | ||||
| 
 | ||||
|     $myvar{'have_threadpool'} = "NO"; | ||||
|     if ( defined( $myvar{'thread_pool_size'} ) | ||||
|  | @ -1088,8 +1122,9 @@ sub remove_empty { | |||
| 
 | ||||
| sub grep_file_contents { | ||||
|     my $file = shift; | ||||
| 	my $patt | ||||
|     my $patt; | ||||
| } | ||||
| 
 | ||||
| sub get_file_contents { | ||||
|     my $file = shift; | ||||
|     open( my $fh, "<", $file ) or die "Can't open $file for read: $!"; | ||||
|  | @ -1105,57 +1140,68 @@ sub get_basic_passwords { | |||
| 
 | ||||
| sub log_file_recommandations { | ||||
|     subheaderprint "Log file Recommendations"; | ||||
| 	infoprint "Log file: " . $myvar{'log_error'}. "(".hr_bytes_rnd((stat $myvar{'log_error'})[7]).")"; | ||||
|     infoprint "Log file: " | ||||
|       . $myvar{'log_error'} . "(" | ||||
|       . hr_bytes_rnd( ( stat $myvar{'log_error'} )[7] ) . ")"; | ||||
|     if ( -f "$myvar{'log_error'}" ) { | ||||
|         goodprint "Log file $myvar{'log_error'} exists"; | ||||
| 	} else { | ||||
|     } | ||||
|     else { | ||||
|         badprint "Log file $myvar{'log_error'} doesn't exist"; | ||||
|     } | ||||
|     if ( -r "$myvar{'log_error'}" ) { | ||||
|         goodprint "Log file $myvar{'log_error'} is readable."; | ||||
|     } else { | ||||
|     } | ||||
|     else { | ||||
|         badprint "Log file $myvar{'log_error'} isn't readable."; | ||||
|         return; | ||||
|     } | ||||
| 	if ( (stat $myvar{'log_error'})[7] > 0 ) { | ||||
|     if ( ( stat $myvar{'log_error'} )[7] > 0 ) { | ||||
|         goodprint "Log file $myvar{'log_error'} is not empty"; | ||||
| 	} else { | ||||
|     } | ||||
|     else { | ||||
|         badprint "Log file $myvar{'log_error'} is empty"; | ||||
|     } | ||||
| 
 | ||||
| 	if ( (stat $myvar{'log_error'})[7] < 32*1024*1024 ) { | ||||
|     if ( ( stat $myvar{'log_error'} )[7] < 32 * 1024 * 1024 ) { | ||||
|         goodprint "Log file $myvar{'log_error'} is smaller than 32 Mb"; | ||||
| 	} else { | ||||
|     } | ||||
|     else { | ||||
|         badprint "Log file $myvar{'log_error'} is bigger than 32 Mb"; | ||||
|         push @generalrec, | ||||
|         $myvar{'log_error'} ."is > 32Mb, you should analyze why or implement a rotation log strategy such as logrotate!" ; | ||||
|           $myvar{'log_error'} | ||||
|           . " is > 32Mb, you should analyze why or implement a rotation log strategy such as logrotate!"; | ||||
|     } | ||||
| 
 | ||||
|     my @log_content = get_file_contents($myvar{'log_error'}); | ||||
|     my @log_content = get_file_contents( $myvar{'log_error'} ); | ||||
| 
 | ||||
|     my $numLi     = 0; | ||||
|     my $nbWarnLog = 0; | ||||
|     my $nbErrLog  = 0; | ||||
|     my @lastShutdowns; | ||||
|     my @lastStarts; | ||||
|     foreach my $logLi ( @log_content ) { | ||||
|     foreach my $logLi (@log_content) { | ||||
|         $numLi++; | ||||
|         debugprint "$numLi: $logLi" if $logLi =~ /warning|error/i; | ||||
|         $nbErrLog++                 if $logLi =~ /error/i; | ||||
|         $nbWarnLog++                if $logLi =~ /warning/i; | ||||
|       push @lastShutdowns, $logLi if $logLi =~ /Shutdown complete/ and $logLi !~ /Innodb/i; | ||||
|         push @lastShutdowns, $logLi | ||||
|           if $logLi =~ /Shutdown complete/ and $logLi !~ /Innodb/i; | ||||
|         push @lastStarts, $logLi if $logLi =~ /ready for connections/; | ||||
|     } | ||||
|     if ( $nbWarnLog > 0 ) { | ||||
|         badprint "$myvar{'log_error'} contains $nbWarnLog warning(s)."; | ||||
|       push @generalrec, "Control warning line(s) into $myvar{'log_error'} file"; | ||||
|     } else { | ||||
|         push @generalrec, | ||||
|           "Control warning line(s) into $myvar{'log_error'} file"; | ||||
|     } | ||||
|     else { | ||||
|         goodprint "$myvar{'log_error'} doesn't contain any warning."; | ||||
|     } | ||||
|     if ( $nbErrLog > 0 ) { | ||||
|         badprint "$myvar{'log_error'} contains $nbErrLog error(s)."; | ||||
|         push @generalrec, "Control error line(s) into $myvar{'log_error'} file"; | ||||
|     } else { | ||||
|     } | ||||
|     else { | ||||
|         goodprint "$myvar{'log_error'} doesn't contain any error."; | ||||
|     } | ||||
| 
 | ||||
|  | @ -1165,25 +1211,25 @@ sub log_file_recommandations { | |||
|     if ( scalar @lastStarts < $nEnd ) { | ||||
|         $nEnd = scalar @lastStarts; | ||||
|     } | ||||
|     for my $startd ( reverse @lastStarts[-$nEnd..-1] ) { | ||||
|     for my $startd ( reverse @lastStarts[ -$nEnd .. -1 ] ) { | ||||
|         $nStart++; | ||||
|         infoprint "$nStart) $startd"; | ||||
|     } | ||||
|     infoprint scalar @lastShutdowns . " shutdown(s) detected in $myvar{'log_error'}"; | ||||
|     $nStart=0; | ||||
|     $nEnd=10; | ||||
|     infoprint scalar @lastShutdowns | ||||
|       . " shutdown(s) detected in $myvar{'log_error'}"; | ||||
|     $nStart = 0; | ||||
|     $nEnd   = 10; | ||||
|     if ( scalar @lastShutdowns < $nEnd ) { | ||||
|         $nEnd = scalar @lastShutdowns; | ||||
|     } | ||||
|     for my $shutd ( reverse @lastShutdowns[-$nEnd..-1] ) { | ||||
|     for my $shutd ( reverse @lastShutdowns[ -$nEnd .. -1 ] ) { | ||||
|         $nStart++; | ||||
|         infoprint "$nStart) $shutd"; | ||||
|     } | ||||
| 
 | ||||
|     #exit 0; | ||||
| } | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| sub cve_recommendations { | ||||
|     subheaderprint "CVE Security Recommendations"; | ||||
|     unless ( defined( $opt{cvefile} ) && -f "$opt{cvefile}" ) { | ||||
|  | @ -1191,6 +1237,9 @@ sub cve_recommendations { | |||
|         return; | ||||
|     } | ||||
| 
 | ||||
| #$mysqlvermajor=10; | ||||
| #$mysqlverminor=1; | ||||
| #$mysqlvermicro=17; | ||||
| #prettyprint "Look for related CVE for $myvar{'version'} or lower in $opt{cvefile}"; | ||||
|     my $cvefound = 0; | ||||
|     open( my $fh, "<", $opt{cvefile} ) | ||||
|  | @ -1312,7 +1361,7 @@ sub get_os_release { | |||
|     return "Unknown OS release"; | ||||
| } | ||||
| 
 | ||||
| sub get_fs_info() { | ||||
| sub get_fs_info { | ||||
|     my @sinfo = `df -P | grep '%'`; | ||||
|     my @iinfo = `df -Pi| grep '%'`; | ||||
|     shift @iinfo; | ||||
|  | @ -1370,7 +1419,7 @@ sub merge_hash { | |||
|     return \%result; | ||||
| } | ||||
| 
 | ||||
| sub is_virtual_machine() { | ||||
| sub is_virtual_machine { | ||||
|     my $isVm = `grep -Ec '^flags.*\ hypervisor\ ' /proc/cpuinfo`; | ||||
|     return ( $isVm == 0 ? 0 : 1 ); | ||||
| } | ||||
|  | @ -1402,7 +1451,7 @@ sub infocmd_one { | |||
|     return join ', ', @result; | ||||
| } | ||||
| 
 | ||||
| sub get_kernel_info() { | ||||
| sub get_kernel_info { | ||||
|     my @params = ( | ||||
|         'fs.aio-max-nr',                     'fs.aio-nr', | ||||
|         'fs.file-max',                       'sunrpc.tcp_fin_timeout', | ||||
|  | @ -1418,7 +1467,7 @@ sub get_kernel_info() { | |||
|         badprint | ||||
|           "Swappiness is > 10, please consider having a value lower than 10"; | ||||
|         push @generalrec, "setup swappiness lower or equals to 10"; | ||||
|         push @adjvars, 'vm.swappiness <= 10 (echo 0 > /proc/sys/vm/swappiness)'; | ||||
|         push @adjvars, 'vm.swappiness <= 10 (echo 10 > /proc/sys/vm/swappiness)'; | ||||
|     } | ||||
|     else { | ||||
|         infoprint "Swappiness is < 10."; | ||||
|  | @ -1453,7 +1502,7 @@ sub get_kernel_info() { | |||
| 
 | ||||
| } | ||||
| 
 | ||||
| sub get_system_info() { | ||||
| sub get_system_info { | ||||
|     $result{'OS'}{'Release'} = get_os_release(); | ||||
|     infoprint get_os_release; | ||||
|     if (is_virtual_machine) { | ||||
|  | @ -1475,6 +1524,8 @@ sub get_system_info() { | |||
|     else { | ||||
|         badprint "Internet              : Disconnected"; | ||||
|     } | ||||
|     $result{'OS'}{'NbCore'} = cpu_cores; | ||||
|     infoprint "Number of Core CPU : " . cpu_cores; | ||||
|     $result{'OS'}{'Type'} = `uname -o`; | ||||
|     infoprint "Operating System Type : " . infocmd_one "uname -o"; | ||||
|     $result{'OS'}{'Kernel'} = `uname -r`; | ||||
|  | @ -1490,11 +1541,11 @@ sub get_system_info() { | |||
| 
 | ||||
|     my $ext_ip = ""; | ||||
|     if ( $httpcli =~ /curl$/ ) { | ||||
|         $ext_ip = infocmd_one "$httpcli ipecho.net/plain"; | ||||
|         $ext_ip = infocmd_one "$httpcli -m 3 ipecho.net/plain"; | ||||
|     } | ||||
|     elsif ( $httpcli =~ /wget$/ ) { | ||||
| 
 | ||||
|         $ext_ip = infocmd_one "$httpcli -q -O - ipecho.net/plain"; | ||||
|         $ext_ip = infocmd_one "$httpcli -t 1 -T 3 -q -O - ipecho.net/plain"; | ||||
|     } | ||||
|     infoprint "External IP           : " . $ext_ip; | ||||
|     $result{'Network'}{'External Ip'} = $ext_ip; | ||||
|  | @ -1697,7 +1748,7 @@ sub security_recommendations { | |||
|     my $nbins = 0; | ||||
|     my $passreq; | ||||
|     if (@passwords) { | ||||
|         my $nbInterPass=0; | ||||
|         my $nbInterPass = 0; | ||||
|         foreach my $pass (@passwords) { | ||||
|             $nbInterPass++; | ||||
| 
 | ||||
|  | @ -1727,7 +1778,8 @@ sub security_recommendations { | |||
|                     $nbins++; | ||||
|                 } | ||||
|             } | ||||
|         debugprint "$nbInterPass / ".scalar(@passwords) if ($nbInterPass %1000 ==0); | ||||
|             debugprint "$nbInterPass / " . scalar(@passwords) | ||||
|               if ( $nbInterPass % 1000 == 0 ); | ||||
|         } | ||||
|     } | ||||
|     if ( $nbins > 0 ) { | ||||
|  | @ -1993,7 +2045,8 @@ sub check_storage_engines { | |||
|         my $not_innodb = ''; | ||||
|         if ( not defined $result{'Variables'}{'innodb_file_per_table'} ) { | ||||
|             $not_innodb = "AND NOT ENGINE='InnoDB'"; | ||||
|         } elsif ( $result{'Variables'}{'innodb_file_per_table'} eq 'OFF' ) { | ||||
|         } | ||||
|         elsif ( $result{'Variables'}{'innodb_file_per_table'} eq 'OFF' ) { | ||||
|             $not_innodb = "AND NOT ENGINE='InnoDB'"; | ||||
|         } | ||||
|         $result{'Tables'}{'Fragmented tables'} = | ||||
|  | @ -2096,7 +2149,7 @@ sub check_storage_engines { | |||
|             $data_free = $data_free / 1024 / 1024; | ||||
|             $total_free += $data_free; | ||||
|             push( @generalrec, | ||||
|                 "  OPTIMIZE TABLE $table_name; -- can free $data_free MB" ); | ||||
|                 "  OPTIMIZE TABLE `$table_name`; -- can free $data_free MB" ); | ||||
|         } | ||||
|         push( @generalrec, | ||||
|             "Total freed space after theses OPTIMIZE TABLE : $total_free Mb" ); | ||||
|  | @ -2314,14 +2367,7 @@ sub calculations { | |||
| 
 | ||||
|     if ( $mystat{'Key_write_requests'} > 0 ) { | ||||
|         $mycalc{'pct_wkeys_from_mem'} = sprintf( | ||||
|             "%.1f", | ||||
|             ( | ||||
|                 100 - ( | ||||
|                     ( $mystat{'Key_writes'} / $mystat{'Key_write_requests'} ) * | ||||
|                       100 | ||||
|                 ) | ||||
|             ) | ||||
|         ); | ||||
|             "%.1f",( ($mystat{'Key_writes'} / $mystat{'Key_write_requests'} ) * 100 ) ); | ||||
|     } | ||||
|     else { | ||||
|         $mycalc{'pct_wkeys_from_mem'} = 0; | ||||
|  | @ -2478,7 +2524,8 @@ sub calculations { | |||
|     # InnoDB | ||||
|     if ( $myvar{'have_innodb'} eq "YES" ) { | ||||
|         $mycalc{'innodb_log_size_pct'} = | ||||
|           ( $myvar{'innodb_log_file_size'} *$myvar{'innodb_log_files_in_group'} * 100 / | ||||
|           ( $myvar{'innodb_log_file_size'} * | ||||
|               $myvar{'innodb_log_files_in_group'} * 100 / | ||||
|               $myvar{'innodb_buffer_pool_size'} ); | ||||
|     } | ||||
| 
 | ||||
|  | @ -2727,7 +2774,13 @@ sub mysql_stats { | |||
|     } | ||||
| 
 | ||||
|     # name resolution | ||||
|     if ( not defined( $result{'Variables'}{'skip_name_resolve'} ) ) { | ||||
|     if ( defined( $result{'Variables'}{'skip_networking'} ) | ||||
|         && $result{'Variables'}{'skip_networking'} eq 'ON' ) | ||||
|     { | ||||
|         infoprint | ||||
| "Skipped name resolution test due to skip_networking=ON in system variables."; | ||||
|     } | ||||
|     elsif ( not defined( $result{'Variables'}{'skip_name_resolve'} ) ) { | ||||
|         infoprint | ||||
| "Skipped name resolution test due to missing skip_name_resolve in system variables."; | ||||
|     } | ||||
|  | @ -2746,17 +2799,11 @@ sub mysql_stats { | |||
|         push( @generalrec, | ||||
|             "Upgrade MySQL to version 4+ to utilize query caching" ); | ||||
|     } | ||||
|     elsif ( mysql_version_ge( 5, 5 ) and !mysql_version_ge( 10, 1 ) and $myvar{'query_cache_type'} eq "OFF" ) { | ||||
|     elsif ( $myvar{'query_cache_size'} < 1 | ||||
|         and $myvar{'query_cache_type'} eq "OFF" ) | ||||
|     { | ||||
|         goodprint | ||||
|             "Query cache is disabled by default due to mutex contention on multiprocessor machines."; | ||||
|     } | ||||
|     elsif ( $myvar{'query_cache_size'} < 1 ) { | ||||
|         badprint "Query cache is disabled"; | ||||
|         push( @adjvars, "query_cache_size (>= 8M)" ); | ||||
|     } | ||||
|     elsif ( $myvar{'query_cache_type'} eq "OFF" ) { | ||||
|         badprint "Query cache is disabled"; | ||||
|         push( @adjvars, "query_cache_type (=1)" ); | ||||
| "Query cache is disabled by default due to mutex contention on multiprocessor machines."; | ||||
|     } | ||||
|     elsif ( $mystat{'Com_select'} == 0 ) { | ||||
|         badprint | ||||
|  | @ -2765,6 +2812,7 @@ sub mysql_stats { | |||
|     else { | ||||
|         badprint | ||||
|           "Query cache may be disabled by default due to mutex contention."; | ||||
|         push( @adjvars, "query_cache_size (=0)" ); | ||||
|         push( @adjvars, "query_cache_type (=0)" ); | ||||
|         if ( $mycalc{'query_cache_efficiency'} < 20 ) { | ||||
|             badprint | ||||
|  | @ -3268,22 +3316,36 @@ sub mysqsl_pfs { | |||
|     subheaderprint "Performance schema"; | ||||
| 
 | ||||
|     # Performance Schema | ||||
|     unless ( defined( $myvar{'performance_schema'} ) | ||||
|         and $myvar{'performance_schema'} eq 'ON' ) | ||||
|     { | ||||
|     $myvar{'performance_schema'} = 'OFF' | ||||
|       unless defined( $myvar{'performance_schema'} ); | ||||
|     unless ( $myvar{'performance_schema'} eq 'ON' ) { | ||||
|         infoprint "Performance schema is disabled."; | ||||
|         return; | ||||
|         if ( mysql_version_ge( 5, 6 ) ) { | ||||
|             push( @generalrec, | ||||
|                 "Performance should be activated for better diagnostics" ); | ||||
|             push( @adjvars, "performance_schema = ON enable PFS" ); | ||||
|         } | ||||
|     infoprint "Performance schema is enabled."; | ||||
|         else { | ||||
|             push( @generalrec, | ||||
| "Performance shouldn't be activated for MySQL and MariaDB 5.5 and lower version" | ||||
|             ); | ||||
|             push( @adjvars, "performance_schema = OFF disable PFS" ); | ||||
|         } | ||||
|     } | ||||
|     debugprint "Performance schema is " . $myvar{'performance_schema'}; | ||||
|     infoprint "Memory used by P_S: " . hr_bytes( get_pf_memory() ); | ||||
| 
 | ||||
|     unless ( grep /^sys$/, select_array("SHOW DATABASES") ) { | ||||
|         infoprint "Sys schema isn't installed."; | ||||
|         push( @generalrec, | ||||
| "Consider installing Sys schema from https://github.com/mysql/mysql-sys" | ||||
|         ); | ||||
|         return; | ||||
|     } | ||||
| 
 | ||||
|     else { | ||||
|         infoprint "Sys schema is installed."; | ||||
|     return if ( $opt{pfstat} == 0 ); | ||||
|     } | ||||
|     return if ( $opt{pfstat} == 0 or $myvar{'performance_schema'} ne 'ON' ); | ||||
| 
 | ||||
|     infoprint "Sys schema Version: " | ||||
|       . select_one("select sys_version from sys.version"); | ||||
|  | @ -4915,7 +4977,7 @@ sub get_wsrep_options { | |||
| } | ||||
| 
 | ||||
| sub get_gcache_memory { | ||||
|     my $gCacheMem = get_wsrep_option('gcache.size'); | ||||
|     my $gCacheMem = hr_raw( get_wsrep_option('gcache.size') ); | ||||
| 
 | ||||
|     return 0 unless defined $gCacheMem and $gCacheMem ne ''; | ||||
|     return $gCacheMem; | ||||
|  | @ -4928,6 +4990,7 @@ sub get_wsrep_option { | |||
|     return '' unless scalar(@galera_options) > 0; | ||||
|     my @memValues = grep /\s*$key =/, @galera_options; | ||||
|     my $memValue = $memValues[0]; | ||||
|     return 0 unless defined $memValue; | ||||
|     $memValue =~ s/.*=\s*(.+)$/$1/g; | ||||
|     return $memValue; | ||||
| } | ||||
|  | @ -4976,14 +5039,69 @@ group by c.table_schema,c.table_name | |||
| having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" | ||||
|     ); | ||||
| 
 | ||||
|     if (   get_wsrep_option('wsrep_slave_threads') > cpu_cores * 4 | ||||
|         or get_wsrep_option('wsrep_slave_threads') < cpu_cores * 3 ) | ||||
|     { | ||||
|         badprint | ||||
|           "wsrep_slave_threads is not equal to 2, 3 or 4 times number of CPU(s)"; | ||||
|         push @adjvars, "wsrep_slave_threads= Nb of Core CPU * 4"; | ||||
|     } | ||||
|     else { | ||||
|         goodprint | ||||
|           "wsrep_slave_threads is equal to 2, 3 or 4 times number of CPU(s)"; | ||||
|     } | ||||
| 
 | ||||
|     if ( get_wsrep_option('gcs.limit') != | ||||
|         get_wsrep_option('wsrep_slave_threads') * 5 ) | ||||
|     { | ||||
|         badprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; | ||||
|         push @adjvars, "gcs.limit= wsrep_slave_threads * 5"; | ||||
|     } else { | ||||
|         goodprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; | ||||
|     } | ||||
| 
 | ||||
|     if (get_wsrep_option('wsrep_slave_threads') > 1) { | ||||
|         infoprint "wsrep parallel slave can cause frequent inconsistency crash."; | ||||
|         push @adjvars, "Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave"; | ||||
|         # check options for parallel slave | ||||
|         if (get_wsrep_option('wsrep_slave_FK_checks') eq "OFF") { | ||||
|             badprint "wsrep_slave_FK_checks is off with parallel slave"; | ||||
|             push @adjvars, "wsrep_slave_FK_checks should be ON when using parallel slave"; | ||||
|         } | ||||
|         # wsrep_slave_UK_checks seems useless in MySQL source code | ||||
|         if ($myvar{'innodb_autoinc_lock_mode'} != 2) { | ||||
|             badprint "innodb_autoinc_lock_mode is incorrect with parallel slave"; | ||||
|             push @adjvars, "innodb_autoinc_lock_mode should be 2 when using parallel slave"; | ||||
|         } | ||||
|     } | ||||
|      | ||||
|     if (get_wsrep_option('gcs.fc_limit') != $myvar{'wsrep_slave_threads'} * 5 ) { | ||||
|         badprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads"; | ||||
|         push @adjvars, "gcs.fc_limit= wsrep_slave_threads * 5"; | ||||
|     } else { | ||||
|         goodprint "gcs.fc_limit is equal to 5 * wsrep_slave_threads"; | ||||
|     } | ||||
|      | ||||
|     if (get_wsrep_option('gcs.fc_factor') != 0.8 ) { | ||||
|         badprint "gcs.fc_factor should be equal to 0.8"; | ||||
|         push @adjvars, "gcs.fc_factor=0.8"; | ||||
|     } | ||||
|     else { | ||||
|         goodprint "gcs.fc_factor is equal to 0.8"; | ||||
|     } | ||||
|    if ( get_wsrep_option('wsrep_flow_control_paused') > 0.02 ) { | ||||
|         badprint "Fraction of time node pause flow control > 0.02"; | ||||
|     } else { | ||||
|         goodprint "Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; | ||||
|     } | ||||
| 
 | ||||
|     if ( scalar(@primaryKeysNbTables) > 0 ) { | ||||
|         badprint "Following table(s) don't have primary key:"; | ||||
|         foreach my $badtable (@primaryKeysNbTables) { | ||||
|             badprint "\t$badtable"; | ||||
|             push @{ $result{'Tables without PK'} }, $badtable; | ||||
|         } | ||||
|     } | ||||
|     else { | ||||
|     } else { | ||||
|         goodprint "All tables get a primary key"; | ||||
|     } | ||||
|     my @nonInnoDBTables = select_array( | ||||
|  | @ -4996,22 +5114,19 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" | |||
|         foreach my $badtable (@nonInnoDBTables) { | ||||
|             badprint "\t$badtable"; | ||||
|         } | ||||
|     } | ||||
|     else { | ||||
|     } else { | ||||
|         goodprint "All tables are InnoDB tables"; | ||||
|     } | ||||
|     if ( $myvar{'binlog_format'} ne 'ROW' ) { | ||||
|         badprint "Binlog format should be in ROW mode."; | ||||
|         push @adjvars, "binlog_format = ROW"; | ||||
|     } | ||||
|     else { | ||||
|     } else { | ||||
|         goodprint "Binlog format is in ROW mode."; | ||||
|     } | ||||
|     if ( $myvar{'innodb_flush_log_at_trx_commit'} != 0 ) { | ||||
|         badprint "InnoDB flush log at each commit should be disabled."; | ||||
|         push @adjvars, "innodb_flush_log_at_trx_commit = 0"; | ||||
|     } | ||||
|     else { | ||||
|     } else { | ||||
|         goodprint "InnoDB flush log at each commit is disabled for Galera."; | ||||
|     } | ||||
| 
 | ||||
|  | @ -5036,6 +5151,7 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" | |||
|             else { | ||||
|                 badprint | ||||
| "There are $nbNodesSize nodes in wsrep_cluster_size. Prefer 3 or 5 nodes architecture."; | ||||
|                 push @generalrec, "Prefer 3 or 5 nodes architecture."; | ||||
|             } | ||||
| 
 | ||||
|             # wsrep_cluster_address doesn't include garbd nodes | ||||
|  | @ -5220,7 +5336,8 @@ sub mysql_innodb { | |||
|         } | ||||
|         if ( defined $myvar{'innodb_log_files_in_group'} ) { | ||||
|             infoprint " +-- InnoDB Total Log File Size: " | ||||
|               . hr_bytes( $myvar{'innodb_log_files_in_group'}*$myvar{'innodb_log_file_size'}); | ||||
|               . hr_bytes( $myvar{'innodb_log_files_in_group'} * | ||||
|                   $myvar{'innodb_log_file_size'} ); | ||||
|         } | ||||
|         if ( defined $myvar{'innodb_log_buffer_size'} ) { | ||||
|             infoprint " +-- InnoDB Log Buffer: " | ||||
|  | @ -5269,17 +5386,24 @@ sub mysql_innodb { | |||
|     { | ||||
|         badprint "Ratio InnoDB log file size / InnoDB Buffer pool size (" | ||||
|           . $mycalc{'innodb_log_size_pct'} . " %): " | ||||
|           . hr_bytes( $myvar{'innodb_log_file_size'} )." * ".$myvar{'innodb_log_files_in_group'}. "/" | ||||
|           . hr_bytes( $myvar{'innodb_log_file_size'} ) . " * " | ||||
|           . $myvar{'innodb_log_files_in_group'} . "/" | ||||
|           . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) | ||||
|           . " should be equal 25%"; | ||||
|         push( @adjvars, | ||||
| "innodb_log_file_size should be equals to 1/4 of buffer pool size (=" | ||||
|               . hr_bytes_rnd( $myvar{'innodb_buffer_pool_size'} / 4 ) | ||||
|               . ") if possible." ); | ||||
|         push( | ||||
|             @adjvars, | ||||
| "innodb_log_file_size * innodb_log_files_in_group should be equals to 1/4 of buffer pool size (=" | ||||
|               . hr_bytes_rnd( | ||||
|                 $myvar{'innodb_buffer_pool_size'} * | ||||
|                   $myvar{'innodb_log_files_in_group'} / 4 | ||||
|               ) | ||||
|               . ") if possible." | ||||
|         ); | ||||
|     } | ||||
|     else { | ||||
|         goodprint "InnoDB log file size / InnoDB Buffer pool size: " | ||||
|           . hr_bytes( $myvar{'innodb_log_file_size'} ) ." * ".$myvar{'innodb_log_files_in_group'}. "/" | ||||
|           . hr_bytes( $myvar{'innodb_log_file_size'} ) . " * " | ||||
|           . $myvar{'innodb_log_files_in_group'} . "/" | ||||
|           . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) | ||||
|           . " should be equal 25%"; | ||||
|     } | ||||
|  | @ -5542,7 +5666,9 @@ sub mysql_databases { | |||
|             ) | ||||
|           ) . ")"; | ||||
|         badprint "Index size is larger than data size for $dbinfo[0] \n" | ||||
|           if ( $dbinfo[2] ne 'NULL' ) and ( $dbinfo[3] ne 'NULL' ) and ( $dbinfo[2] < $dbinfo[3] ); | ||||
|           if ( $dbinfo[2] ne 'NULL' ) | ||||
|           and ( $dbinfo[3] ne 'NULL' ) | ||||
|           and ( $dbinfo[2] < $dbinfo[3] ); | ||||
|         badprint "There are " . $dbinfo[5] . " storage engines. Be careful. \n" | ||||
|           if $dbinfo[5] > 1; | ||||
|         $result{'Databases'}{ $dbinfo[0] }{'Rows'}       = $dbinfo[1]; | ||||
|  | @ -5681,7 +5807,7 @@ ENDSQL | |||
|         my @info = split /\s/; | ||||
|         infoprint "Index: " . $info[1] . ""; | ||||
| 
 | ||||
|         infoprint " +-- COLUNM      : " . $info[0] . ""; | ||||
|         infoprint " +-- COLUMN      : " . $info[0] . ""; | ||||
|         infoprint " +-- NB SEQS     : " . $info[2] . " sequence(s)"; | ||||
|         infoprint " +-- NB COLS     : " . $info[3] . " column(s)"; | ||||
|         infoprint " +-- CARDINALITY : " . $info[4] . " distinct values"; | ||||
|  | @ -5689,10 +5815,10 @@ ENDSQL | |||
|         infoprint " +-- TYPE        : " . $info[6]; | ||||
|         infoprint " +-- SELECTIVITY : " . $info[7] . "%"; | ||||
| 
 | ||||
|         $result{'Indexes'}{ $info[1] }{'Colunm'}            = $info[0]; | ||||
|         $result{'Indexes'}{ $info[1] }{'Column'}            = $info[0]; | ||||
|         $result{'Indexes'}{ $info[1] }{'Sequence number'}   = $info[2]; | ||||
|         $result{'Indexes'}{ $info[1] }{'Number of collunm'} = $info[3]; | ||||
|         $result{'Indexes'}{ $info[1] }{'Cardianality'}      = $info[4]; | ||||
|         $result{'Indexes'}{ $info[1] }{'Number of column'}  = $info[3]; | ||||
|         $result{'Indexes'}{ $info[1] }{'Cardinality'}       = $info[4]; | ||||
|         $result{'Indexes'}{ $info[1] }{'Row number'}        = $info[5]; | ||||
|         $result{'Indexes'}{ $info[1] }{'Index Type'}        = $info[6]; | ||||
|         $result{'Indexes'}{ $info[1] }{'Selectivity'}       = $info[7]; | ||||
|  | @ -5917,7 +6043,7 @@ __END__ | |||
| 
 | ||||
| =head1 NAME | ||||
| 
 | ||||
|  MySQLTuner 1.7.0 - MySQL High Performance Tuning Script | ||||
|  MySQLTuner 1.7.1 - MySQL High Performance Tuning Script | ||||
| 
 | ||||
| =head1 IMPORTANT USAGE GUIDELINES | ||||
| 
 | ||||
|  |  | |||
|  | @ -1,63 +1,63 @@ | |||
| 4.0.20;4;0;20;CVE-2004-0457;Candidate;"The mysqlhotcopy script in mysql 4.0.20 and earlier; when using the scp method from the mysql-server package; allows local users to overwrite arbitrary files via a symlink attack on temporary files.";"DEBIAN:DSA-540   |   URL:http://www.debian.org/security/2004/dsa-540   |   CONFIRM:http://packages.debian.org/changelogs/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-11/changelog   |   REDHAT:RHSA-2004:597   |   URL:http://www.redhat.com/support/errata/RHSA-2004-597.html   |   CIAC:P-018   |   URL:http://www.ciac.org/ciac/bulletins/p-018.shtml   |   OVAL:oval:org.mitre.oval:def:10693   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10693   |   XF:mysql-mysqlhotcopy-insecure-file(17030)   |   URL:http://xforce.iss.net/xforce/xfdb/17030";Assigned (20040506);"None (candidate not yet proposed)"; | ||||
| 4.0.21;4;0;21;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892   |   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892   |   DEBIAN:DSA-562   |   URL:http://www.debian.org/security/2004/dsa-562   |   GENTOO:GLSA-200410-22   |   URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml   |   MISC:http://bugs.mysql.com/bug.php?id=4017   |   MISC:http://lists.mysql.com/internals/14726   |   REDHAT:RHSA-2004:597   |   URL:http://www.redhat.com/support/errata/RHSA-2004-597.html   |   REDHAT:RHSA-2004:611   |   URL:http://www.redhat.com/support/errata/RHSA-2004-611.html   |   TRUSTIX:2004-0054   |   URL:http://www.trustix.org/errata/2004/0054/   |   BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities   |   URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2   |   CIAC:P-018   |   URL:http://www.ciac.org/ciac/bulletins/p-018.shtml   |   BID:10981   |   URL:http://www.securityfocus.com/bid/10981   |   SECUNIA:12305   |   URL:http://secunia.com/advisories/12305/   |   XF:mysql-realconnect-bo(17047)   |   URL:http://xforce.iss.net/xforce/xfdb/17047";Assigned (20040908);"None (candidate not yet proposed)"; | ||||
| 3.23.49;3;23;49;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892   |   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892   |   DEBIAN:DSA-562   |   URL:http://www.debian.org/security/2004/dsa-562   |   GENTOO:GLSA-200410-22   |   URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml   |   MISC:http://bugs.mysql.com/bug.php?id=4017   |   MISC:http://lists.mysql.com/internals/14726   |   REDHAT:RHSA-2004:597   |   URL:http://www.redhat.com/support/errata/RHSA-2004-597.html   |   REDHAT:RHSA-2004:611   |   URL:http://www.redhat.com/support/errata/RHSA-2004-611.html   |   TRUSTIX:2004-0054   |   URL:http://www.trustix.org/errata/2004/0054/   |   BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities   |   URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2   |   CIAC:P-018   |   URL:http://www.ciac.org/ciac/bulletins/p-018.shtml   |   BID:10981   |   URL:http://www.securityfocus.com/bid/10981   |   SECUNIA:12305   |   URL:http://secunia.com/advisories/12305/   |   XF:mysql-realconnect-bo(17047)   |   URL:http://xforce.iss.net/xforce/xfdb/17047";Assigned (20040908);"None (candidate not yet proposed)"; | ||||
| 4.0.20;4;0;20;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892   |   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892   |   DEBIAN:DSA-562   |   URL:http://www.debian.org/security/2004/dsa-562   |   GENTOO:GLSA-200410-22   |   URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml   |   MISC:http://bugs.mysql.com/bug.php?id=4017   |   MISC:http://lists.mysql.com/internals/14726   |   REDHAT:RHSA-2004:597   |   URL:http://www.redhat.com/support/errata/RHSA-2004-597.html   |   REDHAT:RHSA-2004:611   |   URL:http://www.redhat.com/support/errata/RHSA-2004-611.html   |   TRUSTIX:2004-0054   |   URL:http://www.trustix.org/errata/2004/0054/   |   BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities   |   URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2   |   CIAC:P-018   |   URL:http://www.ciac.org/ciac/bulletins/p-018.shtml   |   BID:10981   |   URL:http://www.securityfocus.com/bid/10981   |   SECUNIA:12305   |   URL:http://secunia.com/advisories/12305/   |   XF:mysql-realconnect-bo(17047)   |   URL:http://xforce.iss.net/xforce/xfdb/17047";Assigned (20040908);"None (candidate not yet proposed)"; | ||||
| 3.23.48;3;23;48;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892   |   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892   |   DEBIAN:DSA-562   |   URL:http://www.debian.org/security/2004/dsa-562   |   GENTOO:GLSA-200410-22   |   URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml   |   MISC:http://bugs.mysql.com/bug.php?id=4017   |   MISC:http://lists.mysql.com/internals/14726   |   REDHAT:RHSA-2004:597   |   URL:http://www.redhat.com/support/errata/RHSA-2004-597.html   |   REDHAT:RHSA-2004:611   |   URL:http://www.redhat.com/support/errata/RHSA-2004-611.html   |   TRUSTIX:2004-0054   |   URL:http://www.trustix.org/errata/2004/0054/   |   BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities   |   URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2   |   CIAC:P-018   |   URL:http://www.ciac.org/ciac/bulletins/p-018.shtml   |   BID:10981   |   URL:http://www.securityfocus.com/bid/10981   |   SECUNIA:12305   |   URL:http://secunia.com/advisories/12305/   |   XF:mysql-realconnect-bo(17047)   |   URL:http://xforce.iss.net/xforce/xfdb/17047";Assigned (20040908);"None (candidate not yet proposed)"; | ||||
| 4.1.9;4;1;9;CVE-2005-0799;Candidate;"MySQL 4.1.9; and possibly earlier versions; allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.";"BUGTRAQ:20050315 Denial of Service Vulnerability in MySQL Server for Windows   |   URL:http://marc.info/?l=bugtraq&m=111091250923281&w=2   |   CONFIRM:http://bugs.mysql.com/bug.php?id=9148   |   SECUNIA:14564   |   URL:http://secunia.com/advisories/14564";Assigned (20050320);"None (candidate not yet proposed)"; | ||||
| 4.1.21;4;1;21;CVE-2006-3469;Candidate;"Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function; which is later used in a formatted print call to display the error message.";"MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694   |   MISC:http://bugs.mysql.com/bug.php?id=20729   |   CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html   |   CONFIRM:http://docs.info.apple.com/article.html?artnum=305214   |   APPLE:APPLE-SA-2007-03-13   |   URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html   |   DEBIAN:DSA-1112   |   URL:http://www.debian.org/security/2006/dsa-1112   |   GENTOO:GLSA-200608-09   |   URL:http://security.gentoo.org/glsa/glsa-200608-09.xml   |   REDHAT:RHSA-2008:0768   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html   |   UBUNTU:USN-321-1   |   URL:http://www.ubuntu.com/usn/usn-321-1   |   CERT:TA07-072A   |   URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html   |   BID:19032   |   URL:http://www.securityfocus.com/bid/19032   |   OVAL:oval:org.mitre.oval:def:9827   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9827   |   VUPEN:ADV-2007-0930   |   URL:http://www.vupen.com/english/advisories/2007/0930   |   SECUNIA:21147   |   URL:http://secunia.com/advisories/21147   |   SECUNIA:21366   |   URL:http://secunia.com/advisories/21366   |   SECUNIA:24479   |   URL:http://secunia.com/advisories/24479   |   SECUNIA:31226   |   URL:http://secunia.com/advisories/31226";Assigned (20060710);"None (candidate not yet proposed)"; | ||||
| 4.1.23;4;1;23;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=27515   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html   |   CONFIRM:http://support.apple.com/kb/HT3216   |   APPLE:APPLE-SA-2008-10-09   |   URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   MANDRIVA:MDKSA-2007:139   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0768   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-528-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1   |   BID:24016   |   URL:http://www.securityfocus.com/bid/24016   |   BID:31681   |   URL:http://www.securityfocus.com/bid/31681   |   OSVDB:34766   |   URL:http://osvdb.org/34766   |   OVAL:oval:org.mitre.oval:def:9559   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351   |   VUPEN:ADV-2007-1804   |   URL:http://www.vupen.com/english/advisories/2007/1804   |   VUPEN:ADV-2008-2780   |   URL:http://www.vupen.com/english/advisories/2008/2780   |   SECTRACK:1018069   |   URL:http://www.securitytracker.com/id?1018069   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:25946   |   URL:http://secunia.com/advisories/25946   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:27155   |   URL:http://secunia.com/advisories/27155   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:31226   |   URL:http://secunia.com/advisories/31226   |   SECUNIA:32222   |   URL:http://secunia.com/advisories/32222   |   XF:mysql-renametable-weak-security(34347)   |   URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; | ||||
| 5.0.42;5;0;42;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=27515   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html   |   CONFIRM:http://support.apple.com/kb/HT3216   |   APPLE:APPLE-SA-2008-10-09   |   URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   MANDRIVA:MDKSA-2007:139   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0768   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-528-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1   |   BID:24016   |   URL:http://www.securityfocus.com/bid/24016   |   BID:31681   |   URL:http://www.securityfocus.com/bid/31681   |   OSVDB:34766   |   URL:http://osvdb.org/34766   |   OVAL:oval:org.mitre.oval:def:9559   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351   |   VUPEN:ADV-2007-1804   |   URL:http://www.vupen.com/english/advisories/2007/1804   |   VUPEN:ADV-2008-2780   |   URL:http://www.vupen.com/english/advisories/2008/2780   |   SECTRACK:1018069   |   URL:http://www.securitytracker.com/id?1018069   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:25946   |   URL:http://secunia.com/advisories/25946   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:27155   |   URL:http://secunia.com/advisories/27155   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:31226   |   URL:http://secunia.com/advisories/31226   |   SECUNIA:32222   |   URL:http://secunia.com/advisories/32222   |   XF:mysql-renametable-weak-security(34347)   |   URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; | ||||
| 5.1.18;5;1;18;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=27515   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html   |   CONFIRM:http://support.apple.com/kb/HT3216   |   APPLE:APPLE-SA-2008-10-09   |   URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   MANDRIVA:MDKSA-2007:139   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0768   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-528-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1   |   BID:24016   |   URL:http://www.securityfocus.com/bid/24016   |   BID:31681   |   URL:http://www.securityfocus.com/bid/31681   |   OSVDB:34766   |   URL:http://osvdb.org/34766   |   OVAL:oval:org.mitre.oval:def:9559   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351   |   VUPEN:ADV-2007-1804   |   URL:http://www.vupen.com/english/advisories/2007/1804   |   VUPEN:ADV-2008-2780   |   URL:http://www.vupen.com/english/advisories/2008/2780   |   SECTRACK:1018069   |   URL:http://www.securitytracker.com/id?1018069   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:25946   |   URL:http://secunia.com/advisories/25946   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:27155   |   URL:http://secunia.com/advisories/27155   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:31226   |   URL:http://secunia.com/advisories/31226   |   SECUNIA:32222   |   URL:http://secunia.com/advisories/32222   |   XF:mysql-renametable-weak-security(34347)   |   URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; | ||||
| 5.0.45;5;0;45;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=27515   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html   |   CONFIRM:http://support.apple.com/kb/HT3216   |   APPLE:APPLE-SA-2008-10-09   |   URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   MANDRIVA:MDKSA-2007:139   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0768   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-528-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1   |   BID:24016   |   URL:http://www.securityfocus.com/bid/24016   |   BID:31681   |   URL:http://www.securityfocus.com/bid/31681   |   OSVDB:34766   |   URL:http://osvdb.org/34766   |   OVAL:oval:org.mitre.oval:def:9559   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351   |   VUPEN:ADV-2007-1804   |   URL:http://www.vupen.com/english/advisories/2007/1804   |   VUPEN:ADV-2008-2780   |   URL:http://www.vupen.com/english/advisories/2008/2780   |   SECTRACK:1018069   |   URL:http://www.securitytracker.com/id?1018069   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:25946   |   URL:http://secunia.com/advisories/25946   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:27155   |   URL:http://secunia.com/advisories/27155   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:31226   |   URL:http://secunia.com/advisories/31226   |   SECUNIA:32222   |   URL:http://secunia.com/advisories/32222   |   XF:mysql-renametable-weak-security(34347)   |   URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; | ||||
| 5.0.40;5;0;40;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=27337   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   MANDRIVA:MDVSA-2008:028   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-588-1   |   URL:http://www.ubuntu.com/usn/usn-588-1   |   BID:24011   |   URL:http://www.securityfocus.com/bid/24011   |   OSVDB:34765   |   URL:http://osvdb.org/34765   |   OVAL:oval:org.mitre.oval:def:9166   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351   |   VUPEN:ADV-2007-1804   |   URL:http://www.vupen.com/english/advisories/2007/1804   |   SECTRACK:1018070   |   URL:http://www.securitytracker.com/id?1018070   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823   |   SECUNIA:28637   |   URL:http://secunia.com/advisories/28637   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29443   |   URL:http://secunia.com/advisories/29443   |   XF:mysql-changedb-privilege-escalation(34348)   |   URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; | ||||
| 5.1.18;5;1;18;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=27337   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   MANDRIVA:MDVSA-2008:028   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-588-1   |   URL:http://www.ubuntu.com/usn/usn-588-1   |   BID:24011   |   URL:http://www.securityfocus.com/bid/24011   |   OSVDB:34765   |   URL:http://osvdb.org/34765   |   OVAL:oval:org.mitre.oval:def:9166   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351   |   VUPEN:ADV-2007-1804   |   URL:http://www.vupen.com/english/advisories/2007/1804   |   SECTRACK:1018070   |   URL:http://www.securitytracker.com/id?1018070   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823   |   SECUNIA:28637   |   URL:http://secunia.com/advisories/28637   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29443   |   URL:http://secunia.com/advisories/29443   |   XF:mysql-changedb-privilege-escalation(34348)   |   URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; | ||||
| 5.0.45;5;0;45;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=27337   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   MANDRIVA:MDVSA-2008:028   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-588-1   |   URL:http://www.ubuntu.com/usn/usn-588-1   |   BID:24011   |   URL:http://www.securityfocus.com/bid/24011   |   OSVDB:34765   |   URL:http://osvdb.org/34765   |   OVAL:oval:org.mitre.oval:def:9166   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351   |   VUPEN:ADV-2007-1804   |   URL:http://www.vupen.com/english/advisories/2007/1804   |   SECTRACK:1018070   |   URL:http://www.securitytracker.com/id?1018070   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823   |   SECUNIA:28637   |   URL:http://secunia.com/advisories/28637   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29443   |   URL:http://secunia.com/advisories/29443   |   XF:mysql-changedb-privilege-escalation(34348)   |   URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; | ||||
| 5.0.45;5;0;45;CVE-2007-3780;Candidate;"MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=28984   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html   |   CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   GENTOO:GLSA-200708-10   |   URL:http://security.gentoo.org/glsa/glsa-200708-10.xml   |   MANDRIVA:MDKSA-2007:177   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2007:0875   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0875.html   |   SUSE:SUSE-SR:2007:019   |   URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html   |   UBUNTU:USN-528-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1   |   BID:25017   |   URL:http://www.securityfocus.com/bid/25017   |   OSVDB:36732   |   URL:http://osvdb.org/36732   |   OVAL:oval:org.mitre.oval:def:11058   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11058   |   VUPEN:ADV-2008-1000   |   URL:http://www.vupen.com/english/advisories/2008/1000/references   |   SECTRACK:1018629   |   URL:http://www.securitytracker.com/id?1018629   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:26498   |   URL:http://secunia.com/advisories/26498   |   SECUNIA:26710   |   URL:http://secunia.com/advisories/26710   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:26987   |   URL:http://secunia.com/advisories/26987   |   SECUNIA:26621   |   URL:http://secunia.com/advisories/26621   |   SECUNIA:27155   |   URL:http://secunia.com/advisories/27155   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823";Assigned (20070715);"None (candidate not yet proposed)"; | ||||
| 5.0.45;5;0;45;CVE-2007-3781;Candidate;"MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement; which allows remote authenticated users to obtain sensitive information such as the table structure.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=25578   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html   |   DEBIAN:DSA-1451   |   URL:http://www.debian.org/security/2008/dsa-1451   |   GENTOO:GLSA-200708-10   |   URL:http://security.gentoo.org/glsa/glsa-200708-10.xml   |   MANDRIVA:MDKSA-2007:243   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SLACKWARE:SSA:2007-348-01   |   URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959   |   UBUNTU:USN-559-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1   |   BID:25017   |   URL:http://www.securityfocus.com/bid/25017   |   OSVDB:37783   |   URL:http://osvdb.org/37783   |   OVAL:oval:org.mitre.oval:def:9195   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9195   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:26498   |   URL:http://secunia.com/advisories/26498   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:26987   |   URL:http://secunia.com/advisories/26987   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:28040   |   URL:http://secunia.com/advisories/28040   |   SECUNIA:28108   |   URL:http://secunia.com/advisories/28108   |   SECUNIA:28128   |   URL:http://secunia.com/advisories/28128   |   SECUNIA:28343   |   URL:http://secunia.com/advisories/28343   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; | ||||
| 5.0.45;5;0;45;CVE-2007-3782;Candidate;"MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://bugs.mysql.com/bug.php?id=27878   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   MANDRIVA:MDKSA-2007:177   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SUSE:SUSE-SR:2007:019   |   URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html   |   UBUNTU:USN-528-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1   |   BID:25017   |   URL:http://www.securityfocus.com/bid/25017   |   OVAL:oval:org.mitre.oval:def:10563   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10563   |   SECTRACK:1018663   |   URL:http://securitytracker.com/id?1018663   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:26710   |   URL:http://secunia.com/advisories/26710   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:26987   |   URL:http://secunia.com/advisories/26987   |   SECUNIA:27155   |   URL:http://secunia.com/advisories/27155   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; | ||||
| 4.1.20;4;1;20;CVE-2006-3469;Candidate;"Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function; which is later used in a formatted print call to display the error message.";"MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694   |   MISC:http://bugs.mysql.com/bug.php?id=20729   |   CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html   |   CONFIRM:http://docs.info.apple.com/article.html?artnum=305214   |   APPLE:APPLE-SA-2007-03-13   |   URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html   |   DEBIAN:DSA-1112   |   URL:http://www.debian.org/security/2006/dsa-1112   |   GENTOO:GLSA-200608-09   |   URL:http://security.gentoo.org/glsa/glsa-200608-09.xml   |   REDHAT:RHSA-2008:0768   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html   |   UBUNTU:USN-321-1   |   URL:http://www.ubuntu.com/usn/usn-321-1   |   CERT:TA07-072A   |   URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html   |   BID:19032   |   URL:http://www.securityfocus.com/bid/19032   |   OVAL:oval:org.mitre.oval:def:9827   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9827   |   VUPEN:ADV-2007-0930   |   URL:http://www.vupen.com/english/advisories/2007/0930   |   SECUNIA:21147   |   URL:http://secunia.com/advisories/21147   |   SECUNIA:21366   |   URL:http://secunia.com/advisories/21366   |   SECUNIA:24479   |   URL:http://secunia.com/advisories/24479   |   SECUNIA:31226   |   URL:http://secunia.com/advisories/31226";Assigned (20060710);"None (candidate not yet proposed)"; | ||||
| 4.1.22;4;1;22;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=27515   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html   |   CONFIRM:http://support.apple.com/kb/HT3216   |   APPLE:APPLE-SA-2008-10-09   |   URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   MANDRIVA:MDKSA-2007:139   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0768   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-528-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1   |   BID:24016   |   URL:http://www.securityfocus.com/bid/24016   |   BID:31681   |   URL:http://www.securityfocus.com/bid/31681   |   OSVDB:34766   |   URL:http://osvdb.org/34766   |   OVAL:oval:org.mitre.oval:def:9559   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351   |   VUPEN:ADV-2007-1804   |   URL:http://www.vupen.com/english/advisories/2007/1804   |   VUPEN:ADV-2008-2780   |   URL:http://www.vupen.com/english/advisories/2008/2780   |   SECTRACK:1018069   |   URL:http://www.securitytracker.com/id?1018069   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:25946   |   URL:http://secunia.com/advisories/25946   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:27155   |   URL:http://secunia.com/advisories/27155   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:31226   |   URL:http://secunia.com/advisories/31226   |   SECUNIA:32222   |   URL:http://secunia.com/advisories/32222   |   XF:mysql-renametable-weak-security(34347)   |   URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; | ||||
| 5.0.41;5;0;41;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=27515   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html   |   CONFIRM:http://support.apple.com/kb/HT3216   |   APPLE:APPLE-SA-2008-10-09   |   URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   MANDRIVA:MDKSA-2007:139   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0768   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-528-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1   |   BID:24016   |   URL:http://www.securityfocus.com/bid/24016   |   BID:31681   |   URL:http://www.securityfocus.com/bid/31681   |   OSVDB:34766   |   URL:http://osvdb.org/34766   |   OVAL:oval:org.mitre.oval:def:9559   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351   |   VUPEN:ADV-2007-1804   |   URL:http://www.vupen.com/english/advisories/2007/1804   |   VUPEN:ADV-2008-2780   |   URL:http://www.vupen.com/english/advisories/2008/2780   |   SECTRACK:1018069   |   URL:http://www.securitytracker.com/id?1018069   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:25946   |   URL:http://secunia.com/advisories/25946   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:27155   |   URL:http://secunia.com/advisories/27155   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:31226   |   URL:http://secunia.com/advisories/31226   |   SECUNIA:32222   |   URL:http://secunia.com/advisories/32222   |   XF:mysql-renametable-weak-security(34347)   |   URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; | ||||
| 5.1.17;5;1;17;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=27515   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html   |   CONFIRM:http://support.apple.com/kb/HT3216   |   APPLE:APPLE-SA-2008-10-09   |   URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   MANDRIVA:MDKSA-2007:139   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0768   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-528-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1   |   BID:24016   |   URL:http://www.securityfocus.com/bid/24016   |   BID:31681   |   URL:http://www.securityfocus.com/bid/31681   |   OSVDB:34766   |   URL:http://osvdb.org/34766   |   OVAL:oval:org.mitre.oval:def:9559   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351   |   VUPEN:ADV-2007-1804   |   URL:http://www.vupen.com/english/advisories/2007/1804   |   VUPEN:ADV-2008-2780   |   URL:http://www.vupen.com/english/advisories/2008/2780   |   SECTRACK:1018069   |   URL:http://www.securitytracker.com/id?1018069   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:25946   |   URL:http://secunia.com/advisories/25946   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:27155   |   URL:http://secunia.com/advisories/27155   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:31226   |   URL:http://secunia.com/advisories/31226   |   SECUNIA:32222   |   URL:http://secunia.com/advisories/32222   |   XF:mysql-renametable-weak-security(34347)   |   URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; | ||||
| 5.0.44;5;0;44;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=27515   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html   |   CONFIRM:http://support.apple.com/kb/HT3216   |   APPLE:APPLE-SA-2008-10-09   |   URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   MANDRIVA:MDKSA-2007:139   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0768   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-528-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1   |   BID:24016   |   URL:http://www.securityfocus.com/bid/24016   |   BID:31681   |   URL:http://www.securityfocus.com/bid/31681   |   OSVDB:34766   |   URL:http://osvdb.org/34766   |   OVAL:oval:org.mitre.oval:def:9559   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351   |   VUPEN:ADV-2007-1804   |   URL:http://www.vupen.com/english/advisories/2007/1804   |   VUPEN:ADV-2008-2780   |   URL:http://www.vupen.com/english/advisories/2008/2780   |   SECTRACK:1018069   |   URL:http://www.securitytracker.com/id?1018069   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:25946   |   URL:http://secunia.com/advisories/25946   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:27155   |   URL:http://secunia.com/advisories/27155   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:31226   |   URL:http://secunia.com/advisories/31226   |   SECUNIA:32222   |   URL:http://secunia.com/advisories/32222   |   XF:mysql-renametable-weak-security(34347)   |   URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; | ||||
| 5.0.39;5;0;39;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=27337   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   MANDRIVA:MDVSA-2008:028   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-588-1   |   URL:http://www.ubuntu.com/usn/usn-588-1   |   BID:24011   |   URL:http://www.securityfocus.com/bid/24011   |   OSVDB:34765   |   URL:http://osvdb.org/34765   |   OVAL:oval:org.mitre.oval:def:9166   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351   |   VUPEN:ADV-2007-1804   |   URL:http://www.vupen.com/english/advisories/2007/1804   |   SECTRACK:1018070   |   URL:http://www.securitytracker.com/id?1018070   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823   |   SECUNIA:28637   |   URL:http://secunia.com/advisories/28637   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29443   |   URL:http://secunia.com/advisories/29443   |   XF:mysql-changedb-privilege-escalation(34348)   |   URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; | ||||
| 5.1.17;5;1;17;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=27337   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   MANDRIVA:MDVSA-2008:028   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-588-1   |   URL:http://www.ubuntu.com/usn/usn-588-1   |   BID:24011   |   URL:http://www.securityfocus.com/bid/24011   |   OSVDB:34765   |   URL:http://osvdb.org/34765   |   OVAL:oval:org.mitre.oval:def:9166   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351   |   VUPEN:ADV-2007-1804   |   URL:http://www.vupen.com/english/advisories/2007/1804   |   SECTRACK:1018070   |   URL:http://www.securitytracker.com/id?1018070   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823   |   SECUNIA:28637   |   URL:http://secunia.com/advisories/28637   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29443   |   URL:http://secunia.com/advisories/29443   |   XF:mysql-changedb-privilege-escalation(34348)   |   URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; | ||||
| 5.0.44;5;0;44;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=27337   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   MANDRIVA:MDVSA-2008:028   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-588-1   |   URL:http://www.ubuntu.com/usn/usn-588-1   |   BID:24011   |   URL:http://www.securityfocus.com/bid/24011   |   OSVDB:34765   |   URL:http://osvdb.org/34765   |   OVAL:oval:org.mitre.oval:def:9166   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351   |   VUPEN:ADV-2007-1804   |   URL:http://www.vupen.com/english/advisories/2007/1804   |   SECTRACK:1018070   |   URL:http://www.securitytracker.com/id?1018070   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823   |   SECUNIA:28637   |   URL:http://secunia.com/advisories/28637   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29443   |   URL:http://secunia.com/advisories/29443   |   XF:mysql-changedb-privilege-escalation(34348)   |   URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; | ||||
| 5.0.44;5;0;44;CVE-2007-3780;Candidate;"MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=28984   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html   |   CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   GENTOO:GLSA-200708-10   |   URL:http://security.gentoo.org/glsa/glsa-200708-10.xml   |   MANDRIVA:MDKSA-2007:177   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2007:0875   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0875.html   |   SUSE:SUSE-SR:2007:019   |   URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html   |   UBUNTU:USN-528-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1   |   BID:25017   |   URL:http://www.securityfocus.com/bid/25017   |   OSVDB:36732   |   URL:http://osvdb.org/36732   |   OVAL:oval:org.mitre.oval:def:11058   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11058   |   VUPEN:ADV-2008-1000   |   URL:http://www.vupen.com/english/advisories/2008/1000/references   |   SECTRACK:1018629   |   URL:http://www.securitytracker.com/id?1018629   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:26498   |   URL:http://secunia.com/advisories/26498   |   SECUNIA:26710   |   URL:http://secunia.com/advisories/26710   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:26987   |   URL:http://secunia.com/advisories/26987   |   SECUNIA:26621   |   URL:http://secunia.com/advisories/26621   |   SECUNIA:27155   |   URL:http://secunia.com/advisories/27155   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823";Assigned (20070715);"None (candidate not yet proposed)"; | ||||
| 5.0.44;5;0;44;CVE-2007-3781;Candidate;"MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement; which allows remote authenticated users to obtain sensitive information such as the table structure.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   MISC:http://bugs.mysql.com/bug.php?id=25578   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html   |   DEBIAN:DSA-1451   |   URL:http://www.debian.org/security/2008/dsa-1451   |   GENTOO:GLSA-200708-10   |   URL:http://security.gentoo.org/glsa/glsa-200708-10.xml   |   MANDRIVA:MDKSA-2007:243   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SLACKWARE:SSA:2007-348-01   |   URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959   |   UBUNTU:USN-559-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1   |   BID:25017   |   URL:http://www.securityfocus.com/bid/25017   |   OSVDB:37783   |   URL:http://osvdb.org/37783   |   OVAL:oval:org.mitre.oval:def:9195   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9195   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:26498   |   URL:http://secunia.com/advisories/26498   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:26987   |   URL:http://secunia.com/advisories/26987   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:28040   |   URL:http://secunia.com/advisories/28040   |   SECUNIA:28108   |   URL:http://secunia.com/advisories/28108   |   SECUNIA:28128   |   URL:http://secunia.com/advisories/28128   |   SECUNIA:28343   |   URL:http://secunia.com/advisories/28343   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; | ||||
| 5.0.44;5;0;44;CVE-2007-3782;Candidate;"MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded   |   MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released!   |   URL:http://lists.mysql.com/announce/470   |   CONFIRM:https://issues.rpath.com/browse/RPL-1536   |   CONFIRM:http://bugs.mysql.com/bug.php?id=27878   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html   |   DEBIAN:DSA-1413   |   URL:http://www.debian.org/security/2007/dsa-1413   |   MANDRIVA:MDKSA-2007:177   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177   |   REDHAT:RHSA-2007:0894   |   URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html   |   REDHAT:RHSA-2008:0364   |   URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html   |   SUSE:SUSE-SR:2007:019   |   URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html   |   UBUNTU:USN-528-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1   |   BID:25017   |   URL:http://www.securityfocus.com/bid/25017   |   OVAL:oval:org.mitre.oval:def:10563   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10563   |   SECTRACK:1018663   |   URL:http://securitytracker.com/id?1018663   |   SECUNIA:26073   |   URL:http://secunia.com/advisories/26073   |   SECUNIA:26710   |   URL:http://secunia.com/advisories/26710   |   SECUNIA:25301   |   URL:http://secunia.com/advisories/25301   |   SECUNIA:26987   |   URL:http://secunia.com/advisories/26987   |   SECUNIA:27155   |   URL:http://secunia.com/advisories/27155   |   SECUNIA:26430   |   URL:http://secunia.com/advisories/26430   |   SECUNIA:27823   |   URL:http://secunia.com/advisories/27823   |   SECUNIA:30351   |   URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; | ||||
| 5.0.50;5;0;50;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded   |   MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released   |   URL:http://lists.mysql.com/announce/495   |   CONFIRM:http://bugs.mysql.com/32111   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://forums.mysql.com/read.php?3;186931;186931   |   CONFIRM:https://issues.rpath.com/browse/RPL-1999   |   CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html   |   CONFIRM:http://support.apple.com/kb/HT3216   |   APPLE:APPLE-SA-2008-10-09   |   URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html   |   DEBIAN:DSA-1451   |   URL:http://www.debian.org/security/2008/dsa-1451   |   FEDORA:FEDORA-2007-4465   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html   |   FEDORA:FEDORA-2007-4471   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDKSA-2007:243   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243   |   REDHAT:RHSA-2007:1155   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html   |   REDHAT:RHSA-2007:1157   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html   |   SLACKWARE:SSA:2007-348-01   |   URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-559-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1   |   BID:26765   |   URL:http://www.securityfocus.com/bid/26765   |   BID:31681   |   URL:http://www.securityfocus.com/bid/31681   |   OVAL:oval:org.mitre.oval:def:10509   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509   |   VUPEN:ADV-2007-4142   |   URL:http://www.vupen.com/english/advisories/2007/4142   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   VUPEN:ADV-2008-0560   |   URL:http://www.vupen.com/english/advisories/2008/0560/references   |   VUPEN:ADV-2008-1000   |   URL:http://www.vupen.com/english/advisories/2008/1000/references   |   VUPEN:ADV-2008-2780   |   URL:http://www.vupen.com/english/advisories/2008/2780   |   SECTRACK:1019060   |   URL:http://www.securitytracker.com/id?1019060   |   SECUNIA:27981   |   URL:http://secunia.com/advisories/27981   |   SECUNIA:28040   |   URL:http://secunia.com/advisories/28040   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28025   |   URL:http://secunia.com/advisories/28025   |   SECUNIA:28108   |   URL:http://secunia.com/advisories/28108   |   SECUNIA:28099   |   URL:http://secunia.com/advisories/28099   |   SECUNIA:28128   |   URL:http://secunia.com/advisories/28128   |   SECUNIA:28343   |   URL:http://secunia.com/advisories/28343   |   SECUNIA:28559   |   URL:http://secunia.com/advisories/28559   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   SECUNIA:32222   |   URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; | ||||
| 5.0.51;5;0;51;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded   |   MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released   |   URL:http://lists.mysql.com/announce/495   |   CONFIRM:http://bugs.mysql.com/32111   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://forums.mysql.com/read.php?3;186931;186931   |   CONFIRM:https://issues.rpath.com/browse/RPL-1999   |   CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html   |   CONFIRM:http://support.apple.com/kb/HT3216   |   APPLE:APPLE-SA-2008-10-09   |   URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html   |   DEBIAN:DSA-1451   |   URL:http://www.debian.org/security/2008/dsa-1451   |   FEDORA:FEDORA-2007-4465   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html   |   FEDORA:FEDORA-2007-4471   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDKSA-2007:243   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243   |   REDHAT:RHSA-2007:1155   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html   |   REDHAT:RHSA-2007:1157   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html   |   SLACKWARE:SSA:2007-348-01   |   URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-559-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1   |   BID:26765   |   URL:http://www.securityfocus.com/bid/26765   |   BID:31681   |   URL:http://www.securityfocus.com/bid/31681   |   OVAL:oval:org.mitre.oval:def:10509   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509   |   VUPEN:ADV-2007-4142   |   URL:http://www.vupen.com/english/advisories/2007/4142   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   VUPEN:ADV-2008-0560   |   URL:http://www.vupen.com/english/advisories/2008/0560/references   |   VUPEN:ADV-2008-1000   |   URL:http://www.vupen.com/english/advisories/2008/1000/references   |   VUPEN:ADV-2008-2780   |   URL:http://www.vupen.com/english/advisories/2008/2780   |   SECTRACK:1019060   |   URL:http://www.securitytracker.com/id?1019060   |   SECUNIA:27981   |   URL:http://secunia.com/advisories/27981   |   SECUNIA:28040   |   URL:http://secunia.com/advisories/28040   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28025   |   URL:http://secunia.com/advisories/28025   |   SECUNIA:28108   |   URL:http://secunia.com/advisories/28108   |   SECUNIA:28099   |   URL:http://secunia.com/advisories/28099   |   SECUNIA:28128   |   URL:http://secunia.com/advisories/28128   |   SECUNIA:28343   |   URL:http://secunia.com/advisories/28343   |   SECUNIA:28559   |   URL:http://secunia.com/advisories/28559   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   SECUNIA:32222   |   URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; | ||||
| 5.0.52;5;0;52;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded   |   MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released   |   URL:http://lists.mysql.com/announce/495   |   CONFIRM:http://bugs.mysql.com/32111   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://forums.mysql.com/read.php?3;186931;186931   |   CONFIRM:https://issues.rpath.com/browse/RPL-1999   |   CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html   |   CONFIRM:http://support.apple.com/kb/HT3216   |   APPLE:APPLE-SA-2008-10-09   |   URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html   |   DEBIAN:DSA-1451   |   URL:http://www.debian.org/security/2008/dsa-1451   |   FEDORA:FEDORA-2007-4465   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html   |   FEDORA:FEDORA-2007-4471   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDKSA-2007:243   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243   |   REDHAT:RHSA-2007:1155   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html   |   REDHAT:RHSA-2007:1157   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html   |   SLACKWARE:SSA:2007-348-01   |   URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-559-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1   |   BID:26765   |   URL:http://www.securityfocus.com/bid/26765   |   BID:31681   |   URL:http://www.securityfocus.com/bid/31681   |   OVAL:oval:org.mitre.oval:def:10509   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509   |   VUPEN:ADV-2007-4142   |   URL:http://www.vupen.com/english/advisories/2007/4142   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   VUPEN:ADV-2008-0560   |   URL:http://www.vupen.com/english/advisories/2008/0560/references   |   VUPEN:ADV-2008-1000   |   URL:http://www.vupen.com/english/advisories/2008/1000/references   |   VUPEN:ADV-2008-2780   |   URL:http://www.vupen.com/english/advisories/2008/2780   |   SECTRACK:1019060   |   URL:http://www.securitytracker.com/id?1019060   |   SECUNIA:27981   |   URL:http://secunia.com/advisories/27981   |   SECUNIA:28040   |   URL:http://secunia.com/advisories/28040   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28025   |   URL:http://secunia.com/advisories/28025   |   SECUNIA:28108   |   URL:http://secunia.com/advisories/28108   |   SECUNIA:28099   |   URL:http://secunia.com/advisories/28099   |   SECUNIA:28128   |   URL:http://secunia.com/advisories/28128   |   SECUNIA:28343   |   URL:http://secunia.com/advisories/28343   |   SECUNIA:28559   |   URL:http://secunia.com/advisories/28559   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   SECUNIA:32222   |   URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; | ||||
| 5.1.23;5;1;23;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded   |   MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released   |   URL:http://lists.mysql.com/announce/495   |   CONFIRM:http://bugs.mysql.com/32111   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://forums.mysql.com/read.php?3;186931;186931   |   CONFIRM:https://issues.rpath.com/browse/RPL-1999   |   CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html   |   CONFIRM:http://support.apple.com/kb/HT3216   |   APPLE:APPLE-SA-2008-10-09   |   URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html   |   DEBIAN:DSA-1451   |   URL:http://www.debian.org/security/2008/dsa-1451   |   FEDORA:FEDORA-2007-4465   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html   |   FEDORA:FEDORA-2007-4471   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDKSA-2007:243   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243   |   REDHAT:RHSA-2007:1155   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html   |   REDHAT:RHSA-2007:1157   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html   |   SLACKWARE:SSA:2007-348-01   |   URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-559-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1   |   BID:26765   |   URL:http://www.securityfocus.com/bid/26765   |   BID:31681   |   URL:http://www.securityfocus.com/bid/31681   |   OVAL:oval:org.mitre.oval:def:10509   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509   |   VUPEN:ADV-2007-4142   |   URL:http://www.vupen.com/english/advisories/2007/4142   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   VUPEN:ADV-2008-0560   |   URL:http://www.vupen.com/english/advisories/2008/0560/references   |   VUPEN:ADV-2008-1000   |   URL:http://www.vupen.com/english/advisories/2008/1000/references   |   VUPEN:ADV-2008-2780   |   URL:http://www.vupen.com/english/advisories/2008/2780   |   SECTRACK:1019060   |   URL:http://www.securitytracker.com/id?1019060   |   SECUNIA:27981   |   URL:http://secunia.com/advisories/27981   |   SECUNIA:28040   |   URL:http://secunia.com/advisories/28040   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28025   |   URL:http://secunia.com/advisories/28025   |   SECUNIA:28108   |   URL:http://secunia.com/advisories/28108   |   SECUNIA:28099   |   URL:http://secunia.com/advisories/28099   |   SECUNIA:28128   |   URL:http://secunia.com/advisories/28128   |   SECUNIA:28343   |   URL:http://secunia.com/advisories/28343   |   SECUNIA:28559   |   URL:http://secunia.com/advisories/28559   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   SECUNIA:32222   |   URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; | ||||
| 6.0.4;6;0;4;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded   |   MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released   |   URL:http://lists.mysql.com/announce/495   |   CONFIRM:http://bugs.mysql.com/32111   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://forums.mysql.com/read.php?3;186931;186931   |   CONFIRM:https://issues.rpath.com/browse/RPL-1999   |   CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html   |   CONFIRM:http://support.apple.com/kb/HT3216   |   APPLE:APPLE-SA-2008-10-09   |   URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html   |   DEBIAN:DSA-1451   |   URL:http://www.debian.org/security/2008/dsa-1451   |   FEDORA:FEDORA-2007-4465   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html   |   FEDORA:FEDORA-2007-4471   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDKSA-2007:243   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243   |   REDHAT:RHSA-2007:1155   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html   |   REDHAT:RHSA-2007:1157   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html   |   SLACKWARE:SSA:2007-348-01   |   URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-559-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1   |   BID:26765   |   URL:http://www.securityfocus.com/bid/26765   |   BID:31681   |   URL:http://www.securityfocus.com/bid/31681   |   OVAL:oval:org.mitre.oval:def:10509   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509   |   VUPEN:ADV-2007-4142   |   URL:http://www.vupen.com/english/advisories/2007/4142   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   VUPEN:ADV-2008-0560   |   URL:http://www.vupen.com/english/advisories/2008/0560/references   |   VUPEN:ADV-2008-1000   |   URL:http://www.vupen.com/english/advisories/2008/1000/references   |   VUPEN:ADV-2008-2780   |   URL:http://www.vupen.com/english/advisories/2008/2780   |   SECTRACK:1019060   |   URL:http://www.securitytracker.com/id?1019060   |   SECUNIA:27981   |   URL:http://secunia.com/advisories/27981   |   SECUNIA:28040   |   URL:http://secunia.com/advisories/28040   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28025   |   URL:http://secunia.com/advisories/28025   |   SECUNIA:28108   |   URL:http://secunia.com/advisories/28108   |   SECUNIA:28099   |   URL:http://secunia.com/advisories/28099   |   SECUNIA:28128   |   URL:http://secunia.com/advisories/28128   |   SECUNIA:28343   |   URL:http://secunia.com/advisories/28343   |   SECUNIA:28559   |   URL:http://secunia.com/advisories/28559   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   SECUNIA:32222   |   URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; | ||||
| 5.0.51;5;0;51;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded   |   CONFIRM:http://bugs.mysql.com/bug.php?id=29908   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html   |   CONFIRM:http://lists.mysql.com/announce/502   |   CONFIRM:https://issues.rpath.com/browse/RPL-2187   |   CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040   |   FEDORA:FEDORA-2007-4465   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html   |   FEDORA:FEDORA-2007-4471   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDVSA-2008:017   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017   |   REDHAT:RHSA-2007:1157   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-588-1   |   URL:http://www.ubuntu.com/usn/usn-588-1   |   BID:26832   |   URL:http://www.securityfocus.com/bid/26832   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   SECTRACK:1019085   |   URL:http://securitytracker.com/id?1019085   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28025   |   URL:http://secunia.com/advisories/28025   |   SECUNIA:28739   |   URL:http://secunia.com/advisories/28739   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29443   |   URL:http://secunia.com/advisories/29443   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   XF:mysql-definer-value-privilege-escalation(38989)   |   URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; | ||||
| 5.1.23;5;1;23;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded   |   CONFIRM:http://bugs.mysql.com/bug.php?id=29908   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html   |   CONFIRM:http://lists.mysql.com/announce/502   |   CONFIRM:https://issues.rpath.com/browse/RPL-2187   |   CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040   |   FEDORA:FEDORA-2007-4465   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html   |   FEDORA:FEDORA-2007-4471   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDVSA-2008:017   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017   |   REDHAT:RHSA-2007:1157   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-588-1   |   URL:http://www.ubuntu.com/usn/usn-588-1   |   BID:26832   |   URL:http://www.securityfocus.com/bid/26832   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   SECTRACK:1019085   |   URL:http://securitytracker.com/id?1019085   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28025   |   URL:http://secunia.com/advisories/28025   |   SECUNIA:28739   |   URL:http://secunia.com/advisories/28739   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29443   |   URL:http://secunia.com/advisories/29443   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   XF:mysql-definer-value-privilege-escalation(38989)   |   URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; | ||||
| 6.0.4;6;0;4;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded   |   CONFIRM:http://bugs.mysql.com/bug.php?id=29908   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html   |   CONFIRM:http://lists.mysql.com/announce/502   |   CONFIRM:https://issues.rpath.com/browse/RPL-2187   |   CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040   |   FEDORA:FEDORA-2007-4465   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html   |   FEDORA:FEDORA-2007-4471   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDVSA-2008:017   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017   |   REDHAT:RHSA-2007:1157   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-588-1   |   URL:http://www.ubuntu.com/usn/usn-588-1   |   BID:26832   |   URL:http://www.securityfocus.com/bid/26832   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   SECTRACK:1019085   |   URL:http://securitytracker.com/id?1019085   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28025   |   URL:http://secunia.com/advisories/28025   |   SECUNIA:28739   |   URL:http://secunia.com/advisories/28739   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29443   |   URL:http://secunia.com/advisories/29443   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   XF:mysql-definer-value-privilege-escalation(38989)   |   URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; | ||||
| 5.0.51;5;0;51;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded   |   CONFIRM:http://bugs.mysql.com/bug.php?id=29801   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html   |   CONFIRM:http://lists.mysql.com/announce/502   |   CONFIRM:https://issues.rpath.com/browse/RPL-2187   |   CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040   |   DEBIAN:DSA-1451   |   URL:http://www.debian.org/security/2008/dsa-1451   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDVSA-2008:017   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017   |   MANDRIVA:MDVSA-2008:028   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-559-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1   |   BID:26832   |   URL:http://www.securityfocus.com/bid/26832   |   OSVDB:42609   |   URL:http://osvdb.org/42609   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   SECTRACK:1019085   |   URL:http://securitytracker.com/id?1019085   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28128   |   URL:http://secunia.com/advisories/28128   |   SECUNIA:28343   |   URL:http://secunia.com/advisories/28343   |   SECUNIA:28637   |   URL:http://secunia.com/advisories/28637   |   SECUNIA:28739   |   URL:http://secunia.com/advisories/28739   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   XF:mysql-federated-engine-dos(38990)   |   URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; | ||||
| 5.1.23;5;1;23;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded   |   CONFIRM:http://bugs.mysql.com/bug.php?id=29801   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html   |   CONFIRM:http://lists.mysql.com/announce/502   |   CONFIRM:https://issues.rpath.com/browse/RPL-2187   |   CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040   |   DEBIAN:DSA-1451   |   URL:http://www.debian.org/security/2008/dsa-1451   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDVSA-2008:017   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017   |   MANDRIVA:MDVSA-2008:028   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-559-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1   |   BID:26832   |   URL:http://www.securityfocus.com/bid/26832   |   OSVDB:42609   |   URL:http://osvdb.org/42609   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   SECTRACK:1019085   |   URL:http://securitytracker.com/id?1019085   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28128   |   URL:http://secunia.com/advisories/28128   |   SECUNIA:28343   |   URL:http://secunia.com/advisories/28343   |   SECUNIA:28637   |   URL:http://secunia.com/advisories/28637   |   SECUNIA:28739   |   URL:http://secunia.com/advisories/28739   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   XF:mysql-federated-engine-dos(38990)   |   URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; | ||||
| 6.0.4;6;0;4;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded   |   CONFIRM:http://bugs.mysql.com/bug.php?id=29801   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html   |   CONFIRM:http://lists.mysql.com/announce/502   |   CONFIRM:https://issues.rpath.com/browse/RPL-2187   |   CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040   |   DEBIAN:DSA-1451   |   URL:http://www.debian.org/security/2008/dsa-1451   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDVSA-2008:017   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017   |   MANDRIVA:MDVSA-2008:028   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-559-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1   |   BID:26832   |   URL:http://www.securityfocus.com/bid/26832   |   OSVDB:42609   |   URL:http://osvdb.org/42609   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   SECTRACK:1019085   |   URL:http://securitytracker.com/id?1019085   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28128   |   URL:http://secunia.com/advisories/28128   |   SECUNIA:28343   |   URL:http://secunia.com/advisories/28343   |   SECUNIA:28637   |   URL:http://secunia.com/advisories/28637   |   SECUNIA:28739   |   URL:http://secunia.com/advisories/28739   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   XF:mysql-federated-engine-dos(38990)   |   URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; | ||||
| 5.1.23;5;1;23;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html   |   SECTRACK:1019083   |   URL:http://www.securitytracker.com/id?1019083   |   VUPEN:ADV-2008-0560   |   URL:http://www.vupen.com/english/advisories/2008/0560/references   |   OSVDB:43179   |   URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; | ||||
| 6.0.4;6;0;4;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html   |   SECTRACK:1019083   |   URL:http://www.securitytracker.com/id?1019083   |   VUPEN:ADV-2008-0560   |   URL:http://www.vupen.com/english/advisories/2008/0560/references   |   OSVDB:43179   |   URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; | ||||
| 5.0.66;5;0;66;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash   |   URL:http://www.openwall.com/lists/oss-security/2008/09/09/4   |   MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash   |   URL:http://www.openwall.com/lists/oss-security/2008/09/09/7   |   CONFIRM:http://bugs.mysql.com/bug.php?id=35658   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html   |   CONFIRM:https://bugs.gentoo.org/237166   |   DEBIAN:DSA-1783   |   URL:http://www.debian.org/security/2009/dsa-1783   |   MANDRIVA:MDVSA-2009:094   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094   |   REDHAT:RHSA-2009:1067   |   URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html   |   REDHAT:RHSA-2009:1289   |   URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html   |   SUSE:SUSE-SR:2008:025   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html   |   UBUNTU:USN-671-1   |   URL:http://www.ubuntu.com/usn/USN-671-1   |   OVAL:oval:org.mitre.oval:def:10521   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521   |   SECUNIA:34907   |   URL:http://secunia.com/advisories/34907   |   SECUNIA:32769   |   URL:http://secunia.com/advisories/32769   |   SECUNIA:36566   |   URL:http://secunia.com/advisories/36566   |   VUPEN:ADV-2008-2554   |   URL:http://www.vupen.com/english/advisories/2008/2554   |   SECTRACK:1020858   |   URL:http://www.securitytracker.com/id?1020858   |   SECUNIA:31769   |   URL:http://secunia.com/advisories/31769   |   SECUNIA:32759   |   URL:http://secunia.com/advisories/32759   |   XF:mysql-bitstring-dos(45042)   |   URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; | ||||
| 5.1.26;5;1;26;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash   |   URL:http://www.openwall.com/lists/oss-security/2008/09/09/4   |   MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash   |   URL:http://www.openwall.com/lists/oss-security/2008/09/09/7   |   CONFIRM:http://bugs.mysql.com/bug.php?id=35658   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html   |   CONFIRM:https://bugs.gentoo.org/237166   |   DEBIAN:DSA-1783   |   URL:http://www.debian.org/security/2009/dsa-1783   |   MANDRIVA:MDVSA-2009:094   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094   |   REDHAT:RHSA-2009:1067   |   URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html   |   REDHAT:RHSA-2009:1289   |   URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html   |   SUSE:SUSE-SR:2008:025   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html   |   UBUNTU:USN-671-1   |   URL:http://www.ubuntu.com/usn/USN-671-1   |   OVAL:oval:org.mitre.oval:def:10521   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521   |   SECUNIA:34907   |   URL:http://secunia.com/advisories/34907   |   SECUNIA:32769   |   URL:http://secunia.com/advisories/32769   |   SECUNIA:36566   |   URL:http://secunia.com/advisories/36566   |   VUPEN:ADV-2008-2554   |   URL:http://www.vupen.com/english/advisories/2008/2554   |   SECTRACK:1020858   |   URL:http://www.securitytracker.com/id?1020858   |   SECUNIA:31769   |   URL:http://secunia.com/advisories/31769   |   SECUNIA:32759   |   URL:http://secunia.com/advisories/32759   |   XF:mysql-bitstring-dos(45042)   |   URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; | ||||
| 6.0.6;6;0;6;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash   |   URL:http://www.openwall.com/lists/oss-security/2008/09/09/4   |   MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash   |   URL:http://www.openwall.com/lists/oss-security/2008/09/09/7   |   CONFIRM:http://bugs.mysql.com/bug.php?id=35658   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html   |   CONFIRM:https://bugs.gentoo.org/237166   |   DEBIAN:DSA-1783   |   URL:http://www.debian.org/security/2009/dsa-1783   |   MANDRIVA:MDVSA-2009:094   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094   |   REDHAT:RHSA-2009:1067   |   URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html   |   REDHAT:RHSA-2009:1289   |   URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html   |   SUSE:SUSE-SR:2008:025   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html   |   UBUNTU:USN-671-1   |   URL:http://www.ubuntu.com/usn/USN-671-1   |   OVAL:oval:org.mitre.oval:def:10521   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521   |   SECUNIA:34907   |   URL:http://secunia.com/advisories/34907   |   SECUNIA:32769   |   URL:http://secunia.com/advisories/32769   |   SECUNIA:36566   |   URL:http://secunia.com/advisories/36566   |   VUPEN:ADV-2008-2554   |   URL:http://www.vupen.com/english/advisories/2008/2554   |   SECTRACK:1020858   |   URL:http://www.securitytracker.com/id?1020858   |   SECUNIA:31769   |   URL:http://secunia.com/advisories/31769   |   SECUNIA:32759   |   URL:http://secunia.com/advisories/32759   |   XF:mysql-bitstring-dos(45042)   |   URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; | ||||
| 5.0.88;5;0;88;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320   |   URL:http://lists.mysql.com/commits/87446   |   MLIST:[oss-security] 20091119 mysql-5.1.41   |   URL:http://www.openwall.com/lists/oss-security/2009/11/19/3   |   MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88   |   URL:http://marc.info/?l=oss-security&m=125881733826437&w=2   |   MLIST:[oss-security] 20091123 Re: mysql-5.1.41   |   URL:http://www.openwall.com/lists/oss-security/2009/11/23/16   |   CONFIRM:http://bugs.mysql.com/47320   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html   |   REDHAT:RHSA-2010:0109   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html   |   SUSE:SUSE-SR:2010:011   |   URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html   |   OVAL:oval:org.mitre.oval:def:10940   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10940   |   OVAL:oval:org.mitre.oval:def:8510   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8510   |   VUPEN:ADV-2010-1107   |   URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; | ||||
| 5.1.41;5;1;41;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320   |   URL:http://lists.mysql.com/commits/87446   |   MLIST:[oss-security] 20091119 mysql-5.1.41   |   URL:http://www.openwall.com/lists/oss-security/2009/11/19/3   |   MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88   |   URL:http://marc.info/?l=oss-security&m=125881733826437&w=2   |   MLIST:[oss-security] 20091123 Re: mysql-5.1.41   |   URL:http://www.openwall.com/lists/oss-security/2009/11/23/16   |   CONFIRM:http://bugs.mysql.com/47320   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html   |   REDHAT:RHSA-2010:0109   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html   |   SUSE:SUSE-SR:2010:011   |   URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html   |   OVAL:oval:org.mitre.oval:def:10940   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10940   |   OVAL:oval:org.mitre.oval:def:8510   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8510   |   VUPEN:ADV-2010-1107   |   URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; | ||||
| 1.9.9;1;9;9;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos   |   URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html   |   MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227   |   URL:http://lists.mysql.com/commits/96697   |   MLIST:[dailydave] 20100126 New db bugs   |   URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html   |   MISC:http://intevydis.com/vd-list.shtml   |   MISC:http://www.intevydis.com/blog/?p=57   |   MISC:http://intevydis.com/mysql_demo.html   |   MISC:http://isc.sans.org/diary.html?storyid=7900   |   MISC:http://www.intevydis.com/blog/?p=106   |   MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html   |   MISC:http://intevydis.com/mysql_overflow1.py.txt   |   MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname   |   CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1   |   CONFIRM:http://bugs.mysql.com/bug.php?id=50227   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html   |   CONFIRM:http://www.yassl.com/news.html#yassl199   |   CONFIRM:http://www.yassl.com/release.html   |   CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313   |   DEBIAN:DSA-1997   |   URL:http://www.debian.org/security/2010/dsa-1997   |   UBUNTU:USN-897-1   |   URL:http://ubuntu.com/usn/usn-897-1   |   BID:37640   |   URL:http://www.securityfocus.com/bid/37640   |   BID:37943   |   URL:http://www.securityfocus.com/bid/37943   |   BID:37974   |   URL:http://www.securityfocus.com/bid/37974   |   OSVDB:61956   |   URL:http://www.osvdb.org/61956   |   SECTRACK:1023402   |   URL:http://securitytracker.com/id?1023402   |   SECTRACK:1023513   |   URL:http://securitytracker.com/id?1023513   |   SECUNIA:37493   |   URL:http://secunia.com/advisories/37493   |   SECUNIA:38344   |   URL:http://secunia.com/advisories/38344   |   SECUNIA:38364   |   URL:http://secunia.com/advisories/38364   |   SECUNIA:38573   |   URL:http://secunia.com/advisories/38573   |   SECUNIA:38517   |   URL:http://secunia.com/advisories/38517   |   VUPEN:ADV-2010-0233   |   URL:http://www.vupen.com/english/advisories/2010/0233   |   VUPEN:ADV-2010-0236   |   URL:http://www.vupen.com/english/advisories/2010/0236   |   XF:mysql-unspecified-bo(55416)   |   URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; | ||||
| 5.0.90;5;0;90;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos   |   URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html   |   MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227   |   URL:http://lists.mysql.com/commits/96697   |   MLIST:[dailydave] 20100126 New db bugs   |   URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html   |   MISC:http://intevydis.com/vd-list.shtml   |   MISC:http://www.intevydis.com/blog/?p=57   |   MISC:http://intevydis.com/mysql_demo.html   |   MISC:http://isc.sans.org/diary.html?storyid=7900   |   MISC:http://www.intevydis.com/blog/?p=106   |   MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html   |   MISC:http://intevydis.com/mysql_overflow1.py.txt   |   MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname   |   CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1   |   CONFIRM:http://bugs.mysql.com/bug.php?id=50227   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html   |   CONFIRM:http://www.yassl.com/news.html#yassl199   |   CONFIRM:http://www.yassl.com/release.html   |   CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313   |   DEBIAN:DSA-1997   |   URL:http://www.debian.org/security/2010/dsa-1997   |   UBUNTU:USN-897-1   |   URL:http://ubuntu.com/usn/usn-897-1   |   BID:37640   |   URL:http://www.securityfocus.com/bid/37640   |   BID:37943   |   URL:http://www.securityfocus.com/bid/37943   |   BID:37974   |   URL:http://www.securityfocus.com/bid/37974   |   OSVDB:61956   |   URL:http://www.osvdb.org/61956   |   SECTRACK:1023402   |   URL:http://securitytracker.com/id?1023402   |   SECTRACK:1023513   |   URL:http://securitytracker.com/id?1023513   |   SECUNIA:37493   |   URL:http://secunia.com/advisories/37493   |   SECUNIA:38344   |   URL:http://secunia.com/advisories/38344   |   SECUNIA:38364   |   URL:http://secunia.com/advisories/38364   |   SECUNIA:38573   |   URL:http://secunia.com/advisories/38573   |   SECUNIA:38517   |   URL:http://secunia.com/advisories/38517   |   VUPEN:ADV-2010-0233   |   URL:http://www.vupen.com/english/advisories/2010/0233   |   VUPEN:ADV-2010-0236   |   URL:http://www.vupen.com/english/advisories/2010/0236   |   XF:mysql-unspecified-bo(55416)   |   URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; | ||||
| 5.1.43;5;1;43;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos   |   URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html   |   MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227   |   URL:http://lists.mysql.com/commits/96697   |   MLIST:[dailydave] 20100126 New db bugs   |   URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html   |   MISC:http://intevydis.com/vd-list.shtml   |   MISC:http://www.intevydis.com/blog/?p=57   |   MISC:http://intevydis.com/mysql_demo.html   |   MISC:http://isc.sans.org/diary.html?storyid=7900   |   MISC:http://www.intevydis.com/blog/?p=106   |   MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html   |   MISC:http://intevydis.com/mysql_overflow1.py.txt   |   MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname   |   CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1   |   CONFIRM:http://bugs.mysql.com/bug.php?id=50227   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html   |   CONFIRM:http://www.yassl.com/news.html#yassl199   |   CONFIRM:http://www.yassl.com/release.html   |   CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313   |   DEBIAN:DSA-1997   |   URL:http://www.debian.org/security/2010/dsa-1997   |   UBUNTU:USN-897-1   |   URL:http://ubuntu.com/usn/usn-897-1   |   BID:37640   |   URL:http://www.securityfocus.com/bid/37640   |   BID:37943   |   URL:http://www.securityfocus.com/bid/37943   |   BID:37974   |   URL:http://www.securityfocus.com/bid/37974   |   OSVDB:61956   |   URL:http://www.osvdb.org/61956   |   SECTRACK:1023402   |   URL:http://securitytracker.com/id?1023402   |   SECTRACK:1023513   |   URL:http://securitytracker.com/id?1023513   |   SECUNIA:37493   |   URL:http://secunia.com/advisories/37493   |   SECUNIA:38344   |   URL:http://secunia.com/advisories/38344   |   SECUNIA:38364   |   URL:http://secunia.com/advisories/38364   |   SECUNIA:38573   |   URL:http://secunia.com/advisories/38573   |   SECUNIA:38517   |   URL:http://secunia.com/advisories/38517   |   VUPEN:ADV-2010-0233   |   URL:http://www.vupen.com/english/advisories/2010/0233   |   VUPEN:ADV-2010-0236   |   URL:http://www.vupen.com/english/advisories/2010/0236   |   XF:mysql-unspecified-bo(55416)   |   URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; | ||||
| 5.5.0;5;5;0;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos   |   URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html   |   MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227   |   URL:http://lists.mysql.com/commits/96697   |   MLIST:[dailydave] 20100126 New db bugs   |   URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html   |   MISC:http://intevydis.com/vd-list.shtml   |   MISC:http://www.intevydis.com/blog/?p=57   |   MISC:http://intevydis.com/mysql_demo.html   |   MISC:http://isc.sans.org/diary.html?storyid=7900   |   MISC:http://www.intevydis.com/blog/?p=106   |   MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html   |   MISC:http://intevydis.com/mysql_overflow1.py.txt   |   MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname   |   CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1   |   CONFIRM:http://bugs.mysql.com/bug.php?id=50227   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html   |   CONFIRM:http://www.yassl.com/news.html#yassl199   |   CONFIRM:http://www.yassl.com/release.html   |   CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313   |   DEBIAN:DSA-1997   |   URL:http://www.debian.org/security/2010/dsa-1997   |   UBUNTU:USN-897-1   |   URL:http://ubuntu.com/usn/usn-897-1   |   BID:37640   |   URL:http://www.securityfocus.com/bid/37640   |   BID:37943   |   URL:http://www.securityfocus.com/bid/37943   |   BID:37974   |   URL:http://www.securityfocus.com/bid/37974   |   OSVDB:61956   |   URL:http://www.osvdb.org/61956   |   SECTRACK:1023402   |   URL:http://securitytracker.com/id?1023402   |   SECTRACK:1023513   |   URL:http://securitytracker.com/id?1023513   |   SECUNIA:37493   |   URL:http://secunia.com/advisories/37493   |   SECUNIA:38344   |   URL:http://secunia.com/advisories/38344   |   SECUNIA:38364   |   URL:http://secunia.com/advisories/38364   |   SECUNIA:38573   |   URL:http://secunia.com/advisories/38573   |   SECUNIA:38517   |   URL:http://secunia.com/advisories/38517   |   VUPEN:ADV-2010-0233   |   URL:http://www.vupen.com/english/advisories/2010/0233   |   VUPEN:ADV-2010-0236   |   URL:http://www.vupen.com/english/advisories/2010/0236   |   XF:mysql-unspecified-bo(55416)   |   URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; | ||||
| 5.0.51;5;0;51;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos   |   URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html   |   MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227   |   URL:http://lists.mysql.com/commits/96697   |   MLIST:[dailydave] 20100126 New db bugs   |   URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html   |   MISC:http://intevydis.com/vd-list.shtml   |   MISC:http://www.intevydis.com/blog/?p=57   |   MISC:http://intevydis.com/mysql_demo.html   |   MISC:http://isc.sans.org/diary.html?storyid=7900   |   MISC:http://www.intevydis.com/blog/?p=106   |   MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html   |   MISC:http://intevydis.com/mysql_overflow1.py.txt   |   MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname   |   CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1   |   CONFIRM:http://bugs.mysql.com/bug.php?id=50227   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html   |   CONFIRM:http://www.yassl.com/news.html#yassl199   |   CONFIRM:http://www.yassl.com/release.html   |   CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313   |   DEBIAN:DSA-1997   |   URL:http://www.debian.org/security/2010/dsa-1997   |   UBUNTU:USN-897-1   |   URL:http://ubuntu.com/usn/usn-897-1   |   BID:37640   |   URL:http://www.securityfocus.com/bid/37640   |   BID:37943   |   URL:http://www.securityfocus.com/bid/37943   |   BID:37974   |   URL:http://www.securityfocus.com/bid/37974   |   OSVDB:61956   |   URL:http://www.osvdb.org/61956   |   SECTRACK:1023402   |   URL:http://securitytracker.com/id?1023402   |   SECTRACK:1023513   |   URL:http://securitytracker.com/id?1023513   |   SECUNIA:37493   |   URL:http://secunia.com/advisories/37493   |   SECUNIA:38344   |   URL:http://secunia.com/advisories/38344   |   SECUNIA:38364   |   URL:http://secunia.com/advisories/38364   |   SECUNIA:38573   |   URL:http://secunia.com/advisories/38573   |   SECUNIA:38517   |   URL:http://secunia.com/advisories/38517   |   VUPEN:ADV-2010-0233   |   URL:http://www.vupen.com/english/advisories/2010/0233   |   VUPEN:ADV-2010-0236   |   URL:http://www.vupen.com/english/advisories/2010/0236   |   XF:mysql-unspecified-bo(55416)   |   URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; | ||||
| 37.1.1;37;1;1;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos   |   URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html   |   MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227   |   URL:http://lists.mysql.com/commits/96697   |   MLIST:[dailydave] 20100126 New db bugs   |   URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html   |   MISC:http://intevydis.com/vd-list.shtml   |   MISC:http://www.intevydis.com/blog/?p=57   |   MISC:http://intevydis.com/mysql_demo.html   |   MISC:http://isc.sans.org/diary.html?storyid=7900   |   MISC:http://www.intevydis.com/blog/?p=106   |   MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html   |   MISC:http://intevydis.com/mysql_overflow1.py.txt   |   MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname   |   CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1   |   CONFIRM:http://bugs.mysql.com/bug.php?id=50227   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html   |   CONFIRM:http://www.yassl.com/news.html#yassl199   |   CONFIRM:http://www.yassl.com/release.html   |   CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313   |   DEBIAN:DSA-1997   |   URL:http://www.debian.org/security/2010/dsa-1997   |   UBUNTU:USN-897-1   |   URL:http://ubuntu.com/usn/usn-897-1   |   BID:37640   |   URL:http://www.securityfocus.com/bid/37640   |   BID:37943   |   URL:http://www.securityfocus.com/bid/37943   |   BID:37974   |   URL:http://www.securityfocus.com/bid/37974   |   OSVDB:61956   |   URL:http://www.osvdb.org/61956   |   SECTRACK:1023402   |   URL:http://securitytracker.com/id?1023402   |   SECTRACK:1023513   |   URL:http://securitytracker.com/id?1023513   |   SECUNIA:37493   |   URL:http://secunia.com/advisories/37493   |   SECUNIA:38344   |   URL:http://secunia.com/advisories/38344   |   SECUNIA:38364   |   URL:http://secunia.com/advisories/38364   |   SECUNIA:38573   |   URL:http://secunia.com/advisories/38573   |   SECUNIA:38517   |   URL:http://secunia.com/advisories/38517   |   VUPEN:ADV-2010-0233   |   URL:http://www.vupen.com/english/advisories/2010/0233   |   VUPEN:ADV-2010-0236   |   URL:http://www.vupen.com/english/advisories/2010/0236   |   XF:mysql-unspecified-bo(55416)   |   URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; | ||||
| 5.0.93;5;0;93;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009)   |   URL:http://seclists.org/oss-sec/2011/q4/101   |   CONFIRM:http://bugs.mysql.com/bug.php?id=49124   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177   |   SUSE:SUSE-SU-2012:0984   |   URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html   |   SECUNIA:49179   |   URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; | ||||
| 5.1.50;5;1;50;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009)   |   URL:http://seclists.org/oss-sec/2011/q4/101   |   CONFIRM:http://bugs.mysql.com/bug.php?id=49124   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177   |   SUSE:SUSE-SU-2012:0984   |   URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html   |   SECUNIA:49179   |   URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; | ||||
| 5.1.48;5;1;48;CVE-2010-2008;Candidate;"MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot); .. (dot dot); ../ (dot dot slash) or similar sequence; and an UPGRADE DATA DIRECTORY NAME command; which causes MySQL to move certain directories to the server data directory.";"CONFIRM:http://bugs.mysql.com/bug.php?id=53804   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html   |   FEDORA:FEDORA-2010-11135   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html   |   MANDRIVA:MDVSA-2010:155   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:155   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:41198   |   URL:http://www.securityfocus.com/bid/41198   |   OVAL:oval:org.mitre.oval:def:11869   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11869   |   SECTRACK:1024160   |   URL:http://www.securitytracker.com/id?1024160   |   SECUNIA:40333   |   URL:http://secunia.com/advisories/40333   |   SECUNIA:40762   |   URL:http://secunia.com/advisories/40762   |   VUPEN:ADV-2010-1918   |   URL:http://www.vupen.com/english/advisories/2010/1918";Assigned (20100521);"None (candidate not yet proposed)"; | ||||
| 5.0.92;5;0;92;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-extremevalue-dos(64845)   |   URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.1.51;5;1;51;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-extremevalue-dos(64845)   |   URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.5.6;5;5;6;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-extremevalue-dos(64845)   |   URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.0.92;5;0;92;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-derived-table-dos(64844)   |   URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.1.51;5;1;51;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-derived-table-dos(64844)   |   URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.5.6;5;5;6;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-derived-table-dos(64844)   |   URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.1.51;5;1;51;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-uservariable-dos(64843)   |   URL:http://xforce.iss.net/xforce/xfdb/64843";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.5.6;5;5;6;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-uservariable-dos(64843)   |   URL:http://xforce.iss.net/xforce/xfdb/64843";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.0.92;5;0;92;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-view-preparation-dos(64842)   |   URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.1.51;5;1;51;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-view-preparation-dos(64842)   |   URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.5.6;5;5;6;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-view-preparation-dos(64842)   |   URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.0.92;5;0;92;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-prepared-statement-dos(64841)   |   URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.1.51;5;1;51;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-prepared-statement-dos(64841)   |   URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.5.6;5;5;6;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-prepared-statement-dos(64841)   |   URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.0.92;5;0;92;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-longblob-dos(64840)   |   URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.1.51;5;1;51;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-longblob-dos(64840)   |   URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.5.6;5;5;6;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-longblob-dos(64840)   |   URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.1.51;5;1;51;CVE-2010-3840;Candidate;"The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.";"MISC:http://lists.mysql.com/commits/117094   |   CONFIRM:http://bugs.mysql.com/bug.php?id=51875   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640865   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0824   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0824.html   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-gislinestringinitfromwkb-dos(64838)   |   URL:http://xforce.iss.net/xforce/xfdb/64838";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 0.9.4;0;9;4;CVE-2011-0432;Candidate;"Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument.  NOTE: some of these details are obtained from third party information.";"CONFIRM:http://code.google.com/p/pywebdav/updates/list   |   CONFIRM:http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=677718   |   DEBIAN:DSA-2177   |   URL:http://www.debian.org/security/2011/dsa-2177   |   FEDORA:FEDORA-2011-2427   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html   |   FEDORA:FEDORA-2011-2460   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html   |   FEDORA:FEDORA-2011-2470   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html   |   BID:46655   |   URL:http://www.securityfocus.com/bid/46655   |   SECUNIA:43571   |   URL:http://secunia.com/advisories/43571   |   SECUNIA:43602   |   URL:http://secunia.com/advisories/43602   |   SECUNIA:43703   |   URL:http://secunia.com/advisories/43703   |   VUPEN:ADV-2011-0553   |   URL:http://www.vupen.com/english/advisories/2011/0553   |   VUPEN:ADV-2011-0554   |   URL:http://www.vupen.com/english/advisories/2011/0554   |   VUPEN:ADV-2011-0634   |   URL:http://www.vupen.com/english/advisories/2011/0634";Assigned (20110112);"None (candidate not yet proposed)"; | ||||
| 5.1.22;5;1;22;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded   |   MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released   |   URL:http://lists.mysql.com/announce/495   |   CONFIRM:http://bugs.mysql.com/32111   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://forums.mysql.com/read.php?3;186931;186931   |   CONFIRM:https://issues.rpath.com/browse/RPL-1999   |   CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html   |   CONFIRM:http://support.apple.com/kb/HT3216   |   APPLE:APPLE-SA-2008-10-09   |   URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html   |   DEBIAN:DSA-1451   |   URL:http://www.debian.org/security/2008/dsa-1451   |   FEDORA:FEDORA-2007-4465   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html   |   FEDORA:FEDORA-2007-4471   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDKSA-2007:243   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243   |   REDHAT:RHSA-2007:1155   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html   |   REDHAT:RHSA-2007:1157   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html   |   SLACKWARE:SSA:2007-348-01   |   URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-559-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1   |   BID:26765   |   URL:http://www.securityfocus.com/bid/26765   |   BID:31681   |   URL:http://www.securityfocus.com/bid/31681   |   OVAL:oval:org.mitre.oval:def:10509   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509   |   VUPEN:ADV-2007-4142   |   URL:http://www.vupen.com/english/advisories/2007/4142   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   VUPEN:ADV-2008-0560   |   URL:http://www.vupen.com/english/advisories/2008/0560/references   |   VUPEN:ADV-2008-1000   |   URL:http://www.vupen.com/english/advisories/2008/1000/references   |   VUPEN:ADV-2008-2780   |   URL:http://www.vupen.com/english/advisories/2008/2780   |   SECTRACK:1019060   |   URL:http://www.securitytracker.com/id?1019060   |   SECUNIA:27981   |   URL:http://secunia.com/advisories/27981   |   SECUNIA:28040   |   URL:http://secunia.com/advisories/28040   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28025   |   URL:http://secunia.com/advisories/28025   |   SECUNIA:28108   |   URL:http://secunia.com/advisories/28108   |   SECUNIA:28099   |   URL:http://secunia.com/advisories/28099   |   SECUNIA:28128   |   URL:http://secunia.com/advisories/28128   |   SECUNIA:28343   |   URL:http://secunia.com/advisories/28343   |   SECUNIA:28559   |   URL:http://secunia.com/advisories/28559   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   SECUNIA:32222   |   URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; | ||||
| 6.0.3;6;0;3;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded   |   MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released   |   URL:http://lists.mysql.com/announce/495   |   CONFIRM:http://bugs.mysql.com/32111   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://forums.mysql.com/read.php?3;186931;186931   |   CONFIRM:https://issues.rpath.com/browse/RPL-1999   |   CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html   |   CONFIRM:http://support.apple.com/kb/HT3216   |   APPLE:APPLE-SA-2008-10-09   |   URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html   |   DEBIAN:DSA-1451   |   URL:http://www.debian.org/security/2008/dsa-1451   |   FEDORA:FEDORA-2007-4465   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html   |   FEDORA:FEDORA-2007-4471   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDKSA-2007:243   |   URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243   |   REDHAT:RHSA-2007:1155   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html   |   REDHAT:RHSA-2007:1157   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html   |   SLACKWARE:SSA:2007-348-01   |   URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-559-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1   |   BID:26765   |   URL:http://www.securityfocus.com/bid/26765   |   BID:31681   |   URL:http://www.securityfocus.com/bid/31681   |   OVAL:oval:org.mitre.oval:def:10509   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509   |   VUPEN:ADV-2007-4142   |   URL:http://www.vupen.com/english/advisories/2007/4142   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   VUPEN:ADV-2008-0560   |   URL:http://www.vupen.com/english/advisories/2008/0560/references   |   VUPEN:ADV-2008-1000   |   URL:http://www.vupen.com/english/advisories/2008/1000/references   |   VUPEN:ADV-2008-2780   |   URL:http://www.vupen.com/english/advisories/2008/2780   |   SECTRACK:1019060   |   URL:http://www.securitytracker.com/id?1019060   |   SECUNIA:27981   |   URL:http://secunia.com/advisories/27981   |   SECUNIA:28040   |   URL:http://secunia.com/advisories/28040   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28025   |   URL:http://secunia.com/advisories/28025   |   SECUNIA:28108   |   URL:http://secunia.com/advisories/28108   |   SECUNIA:28099   |   URL:http://secunia.com/advisories/28099   |   SECUNIA:28128   |   URL:http://secunia.com/advisories/28128   |   SECUNIA:28343   |   URL:http://secunia.com/advisories/28343   |   SECUNIA:28559   |   URL:http://secunia.com/advisories/28559   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   SECUNIA:32222   |   URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; | ||||
| 5.0.50;5;0;50;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded   |   CONFIRM:http://bugs.mysql.com/bug.php?id=29908   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html   |   CONFIRM:http://lists.mysql.com/announce/502   |   CONFIRM:https://issues.rpath.com/browse/RPL-2187   |   CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040   |   FEDORA:FEDORA-2007-4465   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html   |   FEDORA:FEDORA-2007-4471   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDVSA-2008:017   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017   |   REDHAT:RHSA-2007:1157   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-588-1   |   URL:http://www.ubuntu.com/usn/usn-588-1   |   BID:26832   |   URL:http://www.securityfocus.com/bid/26832   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   SECTRACK:1019085   |   URL:http://securitytracker.com/id?1019085   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28025   |   URL:http://secunia.com/advisories/28025   |   SECUNIA:28739   |   URL:http://secunia.com/advisories/28739   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29443   |   URL:http://secunia.com/advisories/29443   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   XF:mysql-definer-value-privilege-escalation(38989)   |   URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; | ||||
| 5.1.22;5;1;22;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded   |   CONFIRM:http://bugs.mysql.com/bug.php?id=29908   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html   |   CONFIRM:http://lists.mysql.com/announce/502   |   CONFIRM:https://issues.rpath.com/browse/RPL-2187   |   CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040   |   FEDORA:FEDORA-2007-4465   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html   |   FEDORA:FEDORA-2007-4471   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDVSA-2008:017   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017   |   REDHAT:RHSA-2007:1157   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-588-1   |   URL:http://www.ubuntu.com/usn/usn-588-1   |   BID:26832   |   URL:http://www.securityfocus.com/bid/26832   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   SECTRACK:1019085   |   URL:http://securitytracker.com/id?1019085   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28025   |   URL:http://secunia.com/advisories/28025   |   SECUNIA:28739   |   URL:http://secunia.com/advisories/28739   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29443   |   URL:http://secunia.com/advisories/29443   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   XF:mysql-definer-value-privilege-escalation(38989)   |   URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; | ||||
| 6.0.3;6;0;3;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded   |   CONFIRM:http://bugs.mysql.com/bug.php?id=29908   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html   |   CONFIRM:http://lists.mysql.com/announce/502   |   CONFIRM:https://issues.rpath.com/browse/RPL-2187   |   CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040   |   FEDORA:FEDORA-2007-4465   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html   |   FEDORA:FEDORA-2007-4471   |   URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDVSA-2008:017   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017   |   REDHAT:RHSA-2007:1157   |   URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-588-1   |   URL:http://www.ubuntu.com/usn/usn-588-1   |   BID:26832   |   URL:http://www.securityfocus.com/bid/26832   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   SECTRACK:1019085   |   URL:http://securitytracker.com/id?1019085   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28025   |   URL:http://secunia.com/advisories/28025   |   SECUNIA:28739   |   URL:http://secunia.com/advisories/28739   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29443   |   URL:http://secunia.com/advisories/29443   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   XF:mysql-definer-value-privilege-escalation(38989)   |   URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; | ||||
| 5.0.50;5;0;50;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded   |   CONFIRM:http://bugs.mysql.com/bug.php?id=29801   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html   |   CONFIRM:http://lists.mysql.com/announce/502   |   CONFIRM:https://issues.rpath.com/browse/RPL-2187   |   CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040   |   DEBIAN:DSA-1451   |   URL:http://www.debian.org/security/2008/dsa-1451   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDVSA-2008:017   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017   |   MANDRIVA:MDVSA-2008:028   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-559-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1   |   BID:26832   |   URL:http://www.securityfocus.com/bid/26832   |   OSVDB:42609   |   URL:http://osvdb.org/42609   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   SECTRACK:1019085   |   URL:http://securitytracker.com/id?1019085   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28128   |   URL:http://secunia.com/advisories/28128   |   SECUNIA:28343   |   URL:http://secunia.com/advisories/28343   |   SECUNIA:28637   |   URL:http://secunia.com/advisories/28637   |   SECUNIA:28739   |   URL:http://secunia.com/advisories/28739   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   XF:mysql-federated-engine-dos(38990)   |   URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; | ||||
| 5.1.22;5;1;22;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded   |   CONFIRM:http://bugs.mysql.com/bug.php?id=29801   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html   |   CONFIRM:http://lists.mysql.com/announce/502   |   CONFIRM:https://issues.rpath.com/browse/RPL-2187   |   CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040   |   DEBIAN:DSA-1451   |   URL:http://www.debian.org/security/2008/dsa-1451   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDVSA-2008:017   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017   |   MANDRIVA:MDVSA-2008:028   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-559-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1   |   BID:26832   |   URL:http://www.securityfocus.com/bid/26832   |   OSVDB:42609   |   URL:http://osvdb.org/42609   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   SECTRACK:1019085   |   URL:http://securitytracker.com/id?1019085   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28128   |   URL:http://secunia.com/advisories/28128   |   SECUNIA:28343   |   URL:http://secunia.com/advisories/28343   |   SECUNIA:28637   |   URL:http://secunia.com/advisories/28637   |   SECUNIA:28739   |   URL:http://secunia.com/advisories/28739   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   XF:mysql-federated-engine-dos(38990)   |   URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; | ||||
| 6.0.3;6;0;3;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server   |   URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded   |   CONFIRM:http://bugs.mysql.com/bug.php?id=29801   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html   |   CONFIRM:http://lists.mysql.com/announce/502   |   CONFIRM:https://issues.rpath.com/browse/RPL-2187   |   CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040   |   DEBIAN:DSA-1451   |   URL:http://www.debian.org/security/2008/dsa-1451   |   GENTOO:GLSA-200804-04   |   URL:http://security.gentoo.org/glsa/glsa-200804-04.xml   |   MANDRIVA:MDVSA-2008:017   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017   |   MANDRIVA:MDVSA-2008:028   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028   |   SUSE:SUSE-SR:2008:003   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html   |   UBUNTU:USN-559-1   |   URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1   |   BID:26832   |   URL:http://www.securityfocus.com/bid/26832   |   OSVDB:42609   |   URL:http://osvdb.org/42609   |   VUPEN:ADV-2007-4198   |   URL:http://www.vupen.com/english/advisories/2007/4198   |   SECTRACK:1019085   |   URL:http://securitytracker.com/id?1019085   |   SECUNIA:28063   |   URL:http://secunia.com/advisories/28063   |   SECUNIA:28128   |   URL:http://secunia.com/advisories/28128   |   SECUNIA:28343   |   URL:http://secunia.com/advisories/28343   |   SECUNIA:28637   |   URL:http://secunia.com/advisories/28637   |   SECUNIA:28739   |   URL:http://secunia.com/advisories/28739   |   SECUNIA:28838   |   URL:http://secunia.com/advisories/28838   |   SECUNIA:29706   |   URL:http://secunia.com/advisories/29706   |   XF:mysql-federated-engine-dos(38990)   |   URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; | ||||
| 5.1.22;5;1;22;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html   |   SECTRACK:1019083   |   URL:http://www.securitytracker.com/id?1019083   |   VUPEN:ADV-2008-0560   |   URL:http://www.vupen.com/english/advisories/2008/0560/references   |   OSVDB:43179   |   URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; | ||||
| 6.0.3;6;0;3;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html   |   SECTRACK:1019083   |   URL:http://www.securitytracker.com/id?1019083   |   VUPEN:ADV-2008-0560   |   URL:http://www.vupen.com/english/advisories/2008/0560/references   |   OSVDB:43179   |   URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; | ||||
| 5.0.65;5;0;65;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash   |   URL:http://www.openwall.com/lists/oss-security/2008/09/09/4   |   MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash   |   URL:http://www.openwall.com/lists/oss-security/2008/09/09/7   |   CONFIRM:http://bugs.mysql.com/bug.php?id=35658   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html   |   CONFIRM:https://bugs.gentoo.org/237166   |   DEBIAN:DSA-1783   |   URL:http://www.debian.org/security/2009/dsa-1783   |   MANDRIVA:MDVSA-2009:094   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094   |   REDHAT:RHSA-2009:1067   |   URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html   |   REDHAT:RHSA-2009:1289   |   URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html   |   SUSE:SUSE-SR:2008:025   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html   |   UBUNTU:USN-671-1   |   URL:http://www.ubuntu.com/usn/USN-671-1   |   OVAL:oval:org.mitre.oval:def:10521   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521   |   SECUNIA:34907   |   URL:http://secunia.com/advisories/34907   |   SECUNIA:32769   |   URL:http://secunia.com/advisories/32769   |   SECUNIA:36566   |   URL:http://secunia.com/advisories/36566   |   VUPEN:ADV-2008-2554   |   URL:http://www.vupen.com/english/advisories/2008/2554   |   SECTRACK:1020858   |   URL:http://www.securitytracker.com/id?1020858   |   SECUNIA:31769   |   URL:http://secunia.com/advisories/31769   |   SECUNIA:32759   |   URL:http://secunia.com/advisories/32759   |   XF:mysql-bitstring-dos(45042)   |   URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; | ||||
| 5.1.25;5;1;25;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash   |   URL:http://www.openwall.com/lists/oss-security/2008/09/09/4   |   MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash   |   URL:http://www.openwall.com/lists/oss-security/2008/09/09/7   |   CONFIRM:http://bugs.mysql.com/bug.php?id=35658   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html   |   CONFIRM:https://bugs.gentoo.org/237166   |   DEBIAN:DSA-1783   |   URL:http://www.debian.org/security/2009/dsa-1783   |   MANDRIVA:MDVSA-2009:094   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094   |   REDHAT:RHSA-2009:1067   |   URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html   |   REDHAT:RHSA-2009:1289   |   URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html   |   SUSE:SUSE-SR:2008:025   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html   |   UBUNTU:USN-671-1   |   URL:http://www.ubuntu.com/usn/USN-671-1   |   OVAL:oval:org.mitre.oval:def:10521   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521   |   SECUNIA:34907   |   URL:http://secunia.com/advisories/34907   |   SECUNIA:32769   |   URL:http://secunia.com/advisories/32769   |   SECUNIA:36566   |   URL:http://secunia.com/advisories/36566   |   VUPEN:ADV-2008-2554   |   URL:http://www.vupen.com/english/advisories/2008/2554   |   SECTRACK:1020858   |   URL:http://www.securitytracker.com/id?1020858   |   SECUNIA:31769   |   URL:http://secunia.com/advisories/31769   |   SECUNIA:32759   |   URL:http://secunia.com/advisories/32759   |   XF:mysql-bitstring-dos(45042)   |   URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; | ||||
| 6.0.5;6;0;5;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash   |   URL:http://www.openwall.com/lists/oss-security/2008/09/09/4   |   MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash   |   URL:http://www.openwall.com/lists/oss-security/2008/09/09/7   |   CONFIRM:http://bugs.mysql.com/bug.php?id=35658   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html   |   CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html   |   CONFIRM:https://bugs.gentoo.org/237166   |   DEBIAN:DSA-1783   |   URL:http://www.debian.org/security/2009/dsa-1783   |   MANDRIVA:MDVSA-2009:094   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094   |   REDHAT:RHSA-2009:1067   |   URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html   |   REDHAT:RHSA-2009:1289   |   URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html   |   SUSE:SUSE-SR:2008:025   |   URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html   |   UBUNTU:USN-671-1   |   URL:http://www.ubuntu.com/usn/USN-671-1   |   OVAL:oval:org.mitre.oval:def:10521   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521   |   SECUNIA:34907   |   URL:http://secunia.com/advisories/34907   |   SECUNIA:32769   |   URL:http://secunia.com/advisories/32769   |   SECUNIA:36566   |   URL:http://secunia.com/advisories/36566   |   VUPEN:ADV-2008-2554   |   URL:http://www.vupen.com/english/advisories/2008/2554   |   SECTRACK:1020858   |   URL:http://www.securitytracker.com/id?1020858   |   SECUNIA:31769   |   URL:http://secunia.com/advisories/31769   |   SECUNIA:32759   |   URL:http://secunia.com/advisories/32759   |   XF:mysql-bitstring-dos(45042)   |   URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; | ||||
| 5.0.87;5;0;87;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320   |   URL:http://lists.mysql.com/commits/87446   |   MLIST:[oss-security] 20091119 mysql-5.1.41   |   URL:http://www.openwall.com/lists/oss-security/2009/11/19/3   |   MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88   |   URL:http://marc.info/?l=oss-security&m=125881733826437&w=2   |   MLIST:[oss-security] 20091123 Re: mysql-5.1.41   |   URL:http://www.openwall.com/lists/oss-security/2009/11/23/16   |   CONFIRM:http://bugs.mysql.com/47320   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html   |   REDHAT:RHSA-2010:0109   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html   |   SUSE:SUSE-SR:2010:011   |   URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html   |   OVAL:oval:org.mitre.oval:def:10940   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10940   |   OVAL:oval:org.mitre.oval:def:8510   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8510   |   VUPEN:ADV-2010-1107   |   URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; | ||||
| 5.1.40;5;1;40;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320   |   URL:http://lists.mysql.com/commits/87446   |   MLIST:[oss-security] 20091119 mysql-5.1.41   |   URL:http://www.openwall.com/lists/oss-security/2009/11/19/3   |   MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88   |   URL:http://marc.info/?l=oss-security&m=125881733826437&w=2   |   MLIST:[oss-security] 20091123 Re: mysql-5.1.41   |   URL:http://www.openwall.com/lists/oss-security/2009/11/23/16   |   CONFIRM:http://bugs.mysql.com/47320   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html   |   REDHAT:RHSA-2010:0109   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html   |   SUSE:SUSE-SR:2010:011   |   URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html   |   OVAL:oval:org.mitre.oval:def:10940   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10940   |   OVAL:oval:org.mitre.oval:def:8510   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8510   |   VUPEN:ADV-2010-1107   |   URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; | ||||
| 1.9.8;1;9;8;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos   |   URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html   |   MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227   |   URL:http://lists.mysql.com/commits/96697   |   MLIST:[dailydave] 20100126 New db bugs   |   URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html   |   MISC:http://intevydis.com/vd-list.shtml   |   MISC:http://www.intevydis.com/blog/?p=57   |   MISC:http://intevydis.com/mysql_demo.html   |   MISC:http://isc.sans.org/diary.html?storyid=7900   |   MISC:http://www.intevydis.com/blog/?p=106   |   MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html   |   MISC:http://intevydis.com/mysql_overflow1.py.txt   |   MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname   |   CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1   |   CONFIRM:http://bugs.mysql.com/bug.php?id=50227   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html   |   CONFIRM:http://www.yassl.com/news.html#yassl199   |   CONFIRM:http://www.yassl.com/release.html   |   CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313   |   DEBIAN:DSA-1997   |   URL:http://www.debian.org/security/2010/dsa-1997   |   UBUNTU:USN-897-1   |   URL:http://ubuntu.com/usn/usn-897-1   |   BID:37640   |   URL:http://www.securityfocus.com/bid/37640   |   BID:37943   |   URL:http://www.securityfocus.com/bid/37943   |   BID:37974   |   URL:http://www.securityfocus.com/bid/37974   |   OSVDB:61956   |   URL:http://www.osvdb.org/61956   |   SECTRACK:1023402   |   URL:http://securitytracker.com/id?1023402   |   SECTRACK:1023513   |   URL:http://securitytracker.com/id?1023513   |   SECUNIA:37493   |   URL:http://secunia.com/advisories/37493   |   SECUNIA:38344   |   URL:http://secunia.com/advisories/38344   |   SECUNIA:38364   |   URL:http://secunia.com/advisories/38364   |   SECUNIA:38573   |   URL:http://secunia.com/advisories/38573   |   SECUNIA:38517   |   URL:http://secunia.com/advisories/38517   |   VUPEN:ADV-2010-0233   |   URL:http://www.vupen.com/english/advisories/2010/0233   |   VUPEN:ADV-2010-0236   |   URL:http://www.vupen.com/english/advisories/2010/0236   |   XF:mysql-unspecified-bo(55416)   |   URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; | ||||
| 5.0.89;5;0;89;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos   |   URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html   |   MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227   |   URL:http://lists.mysql.com/commits/96697   |   MLIST:[dailydave] 20100126 New db bugs   |   URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html   |   MISC:http://intevydis.com/vd-list.shtml   |   MISC:http://www.intevydis.com/blog/?p=57   |   MISC:http://intevydis.com/mysql_demo.html   |   MISC:http://isc.sans.org/diary.html?storyid=7900   |   MISC:http://www.intevydis.com/blog/?p=106   |   MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html   |   MISC:http://intevydis.com/mysql_overflow1.py.txt   |   MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname   |   CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1   |   CONFIRM:http://bugs.mysql.com/bug.php?id=50227   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html   |   CONFIRM:http://www.yassl.com/news.html#yassl199   |   CONFIRM:http://www.yassl.com/release.html   |   CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313   |   DEBIAN:DSA-1997   |   URL:http://www.debian.org/security/2010/dsa-1997   |   UBUNTU:USN-897-1   |   URL:http://ubuntu.com/usn/usn-897-1   |   BID:37640   |   URL:http://www.securityfocus.com/bid/37640   |   BID:37943   |   URL:http://www.securityfocus.com/bid/37943   |   BID:37974   |   URL:http://www.securityfocus.com/bid/37974   |   OSVDB:61956   |   URL:http://www.osvdb.org/61956   |   SECTRACK:1023402   |   URL:http://securitytracker.com/id?1023402   |   SECTRACK:1023513   |   URL:http://securitytracker.com/id?1023513   |   SECUNIA:37493   |   URL:http://secunia.com/advisories/37493   |   SECUNIA:38344   |   URL:http://secunia.com/advisories/38344   |   SECUNIA:38364   |   URL:http://secunia.com/advisories/38364   |   SECUNIA:38573   |   URL:http://secunia.com/advisories/38573   |   SECUNIA:38517   |   URL:http://secunia.com/advisories/38517   |   VUPEN:ADV-2010-0233   |   URL:http://www.vupen.com/english/advisories/2010/0233   |   VUPEN:ADV-2010-0236   |   URL:http://www.vupen.com/english/advisories/2010/0236   |   XF:mysql-unspecified-bo(55416)   |   URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; | ||||
| 5.1.42;5;1;42;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos   |   URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html   |   MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227   |   URL:http://lists.mysql.com/commits/96697   |   MLIST:[dailydave] 20100126 New db bugs   |   URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html   |   MISC:http://intevydis.com/vd-list.shtml   |   MISC:http://www.intevydis.com/blog/?p=57   |   MISC:http://intevydis.com/mysql_demo.html   |   MISC:http://isc.sans.org/diary.html?storyid=7900   |   MISC:http://www.intevydis.com/blog/?p=106   |   MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html   |   MISC:http://intevydis.com/mysql_overflow1.py.txt   |   MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname   |   CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1   |   CONFIRM:http://bugs.mysql.com/bug.php?id=50227   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html   |   CONFIRM:http://www.yassl.com/news.html#yassl199   |   CONFIRM:http://www.yassl.com/release.html   |   CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313   |   DEBIAN:DSA-1997   |   URL:http://www.debian.org/security/2010/dsa-1997   |   UBUNTU:USN-897-1   |   URL:http://ubuntu.com/usn/usn-897-1   |   BID:37640   |   URL:http://www.securityfocus.com/bid/37640   |   BID:37943   |   URL:http://www.securityfocus.com/bid/37943   |   BID:37974   |   URL:http://www.securityfocus.com/bid/37974   |   OSVDB:61956   |   URL:http://www.osvdb.org/61956   |   SECTRACK:1023402   |   URL:http://securitytracker.com/id?1023402   |   SECTRACK:1023513   |   URL:http://securitytracker.com/id?1023513   |   SECUNIA:37493   |   URL:http://secunia.com/advisories/37493   |   SECUNIA:38344   |   URL:http://secunia.com/advisories/38344   |   SECUNIA:38364   |   URL:http://secunia.com/advisories/38364   |   SECUNIA:38573   |   URL:http://secunia.com/advisories/38573   |   SECUNIA:38517   |   URL:http://secunia.com/advisories/38517   |   VUPEN:ADV-2010-0233   |   URL:http://www.vupen.com/english/advisories/2010/0233   |   VUPEN:ADV-2010-0236   |   URL:http://www.vupen.com/english/advisories/2010/0236   |   XF:mysql-unspecified-bo(55416)   |   URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; | ||||
| 5.5.-1;5;5;-1;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos   |   URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html   |   MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227   |   URL:http://lists.mysql.com/commits/96697   |   MLIST:[dailydave] 20100126 New db bugs   |   URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html   |   MISC:http://intevydis.com/vd-list.shtml   |   MISC:http://www.intevydis.com/blog/?p=57   |   MISC:http://intevydis.com/mysql_demo.html   |   MISC:http://isc.sans.org/diary.html?storyid=7900   |   MISC:http://www.intevydis.com/blog/?p=106   |   MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html   |   MISC:http://intevydis.com/mysql_overflow1.py.txt   |   MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname   |   CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1   |   CONFIRM:http://bugs.mysql.com/bug.php?id=50227   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html   |   CONFIRM:http://www.yassl.com/news.html#yassl199   |   CONFIRM:http://www.yassl.com/release.html   |   CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313   |   DEBIAN:DSA-1997   |   URL:http://www.debian.org/security/2010/dsa-1997   |   UBUNTU:USN-897-1   |   URL:http://ubuntu.com/usn/usn-897-1   |   BID:37640   |   URL:http://www.securityfocus.com/bid/37640   |   BID:37943   |   URL:http://www.securityfocus.com/bid/37943   |   BID:37974   |   URL:http://www.securityfocus.com/bid/37974   |   OSVDB:61956   |   URL:http://www.osvdb.org/61956   |   SECTRACK:1023402   |   URL:http://securitytracker.com/id?1023402   |   SECTRACK:1023513   |   URL:http://securitytracker.com/id?1023513   |   SECUNIA:37493   |   URL:http://secunia.com/advisories/37493   |   SECUNIA:38344   |   URL:http://secunia.com/advisories/38344   |   SECUNIA:38364   |   URL:http://secunia.com/advisories/38364   |   SECUNIA:38573   |   URL:http://secunia.com/advisories/38573   |   SECUNIA:38517   |   URL:http://secunia.com/advisories/38517   |   VUPEN:ADV-2010-0233   |   URL:http://www.vupen.com/english/advisories/2010/0233   |   VUPEN:ADV-2010-0236   |   URL:http://www.vupen.com/english/advisories/2010/0236   |   XF:mysql-unspecified-bo(55416)   |   URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; | ||||
| 5.0.50;5;0;50;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos   |   URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html   |   MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227   |   URL:http://lists.mysql.com/commits/96697   |   MLIST:[dailydave] 20100126 New db bugs   |   URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html   |   MISC:http://intevydis.com/vd-list.shtml   |   MISC:http://www.intevydis.com/blog/?p=57   |   MISC:http://intevydis.com/mysql_demo.html   |   MISC:http://isc.sans.org/diary.html?storyid=7900   |   MISC:http://www.intevydis.com/blog/?p=106   |   MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html   |   MISC:http://intevydis.com/mysql_overflow1.py.txt   |   MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname   |   CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1   |   CONFIRM:http://bugs.mysql.com/bug.php?id=50227   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html   |   CONFIRM:http://www.yassl.com/news.html#yassl199   |   CONFIRM:http://www.yassl.com/release.html   |   CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313   |   DEBIAN:DSA-1997   |   URL:http://www.debian.org/security/2010/dsa-1997   |   UBUNTU:USN-897-1   |   URL:http://ubuntu.com/usn/usn-897-1   |   BID:37640   |   URL:http://www.securityfocus.com/bid/37640   |   BID:37943   |   URL:http://www.securityfocus.com/bid/37943   |   BID:37974   |   URL:http://www.securityfocus.com/bid/37974   |   OSVDB:61956   |   URL:http://www.osvdb.org/61956   |   SECTRACK:1023402   |   URL:http://securitytracker.com/id?1023402   |   SECTRACK:1023513   |   URL:http://securitytracker.com/id?1023513   |   SECUNIA:37493   |   URL:http://secunia.com/advisories/37493   |   SECUNIA:38344   |   URL:http://secunia.com/advisories/38344   |   SECUNIA:38364   |   URL:http://secunia.com/advisories/38364   |   SECUNIA:38573   |   URL:http://secunia.com/advisories/38573   |   SECUNIA:38517   |   URL:http://secunia.com/advisories/38517   |   VUPEN:ADV-2010-0233   |   URL:http://www.vupen.com/english/advisories/2010/0233   |   VUPEN:ADV-2010-0236   |   URL:http://www.vupen.com/english/advisories/2010/0236   |   XF:mysql-unspecified-bo(55416)   |   URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; | ||||
| 37.1.0;37;1;0;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos   |   URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html   |   MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227   |   URL:http://lists.mysql.com/commits/96697   |   MLIST:[dailydave] 20100126 New db bugs   |   URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html   |   MISC:http://intevydis.com/vd-list.shtml   |   MISC:http://www.intevydis.com/blog/?p=57   |   MISC:http://intevydis.com/mysql_demo.html   |   MISC:http://isc.sans.org/diary.html?storyid=7900   |   MISC:http://www.intevydis.com/blog/?p=106   |   MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html   |   MISC:http://intevydis.com/mysql_overflow1.py.txt   |   MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname   |   CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1   |   CONFIRM:http://bugs.mysql.com/bug.php?id=50227   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html   |   CONFIRM:http://www.yassl.com/news.html#yassl199   |   CONFIRM:http://www.yassl.com/release.html   |   CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313   |   DEBIAN:DSA-1997   |   URL:http://www.debian.org/security/2010/dsa-1997   |   UBUNTU:USN-897-1   |   URL:http://ubuntu.com/usn/usn-897-1   |   BID:37640   |   URL:http://www.securityfocus.com/bid/37640   |   BID:37943   |   URL:http://www.securityfocus.com/bid/37943   |   BID:37974   |   URL:http://www.securityfocus.com/bid/37974   |   OSVDB:61956   |   URL:http://www.osvdb.org/61956   |   SECTRACK:1023402   |   URL:http://securitytracker.com/id?1023402   |   SECTRACK:1023513   |   URL:http://securitytracker.com/id?1023513   |   SECUNIA:37493   |   URL:http://secunia.com/advisories/37493   |   SECUNIA:38344   |   URL:http://secunia.com/advisories/38344   |   SECUNIA:38364   |   URL:http://secunia.com/advisories/38364   |   SECUNIA:38573   |   URL:http://secunia.com/advisories/38573   |   SECUNIA:38517   |   URL:http://secunia.com/advisories/38517   |   VUPEN:ADV-2010-0233   |   URL:http://www.vupen.com/english/advisories/2010/0233   |   VUPEN:ADV-2010-0236   |   URL:http://www.vupen.com/english/advisories/2010/0236   |   XF:mysql-unspecified-bo(55416)   |   URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; | ||||
| 5.0.92;5;0;92;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009)   |   URL:http://seclists.org/oss-sec/2011/q4/101   |   CONFIRM:http://bugs.mysql.com/bug.php?id=49124   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177   |   SUSE:SUSE-SU-2012:0984   |   URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html   |   SECUNIA:49179   |   URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; | ||||
| 5.1.49;5;1;49;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009)   |   URL:http://seclists.org/oss-sec/2011/q4/101   |   CONFIRM:http://bugs.mysql.com/bug.php?id=49124   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177   |   SUSE:SUSE-SU-2012:0984   |   URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html   |   SECUNIA:49179   |   URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; | ||||
| 5.1.47;5;1;47;CVE-2010-2008;Candidate;"MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot); .. (dot dot); ../ (dot dot slash) or similar sequence; and an UPGRADE DATA DIRECTORY NAME command; which causes MySQL to move certain directories to the server data directory.";"CONFIRM:http://bugs.mysql.com/bug.php?id=53804   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html   |   FEDORA:FEDORA-2010-11135   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html   |   MANDRIVA:MDVSA-2010:155   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:155   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:41198   |   URL:http://www.securityfocus.com/bid/41198   |   OVAL:oval:org.mitre.oval:def:11869   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11869   |   SECTRACK:1024160   |   URL:http://www.securitytracker.com/id?1024160   |   SECUNIA:40333   |   URL:http://secunia.com/advisories/40333   |   SECUNIA:40762   |   URL:http://secunia.com/advisories/40762   |   VUPEN:ADV-2010-1918   |   URL:http://www.vupen.com/english/advisories/2010/1918";Assigned (20100521);"None (candidate not yet proposed)"; | ||||
| 5.0.91;5;0;91;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-extremevalue-dos(64845)   |   URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.1.50;5;1;50;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-extremevalue-dos(64845)   |   URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.5.5;5;5;5;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-extremevalue-dos(64845)   |   URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.0.91;5;0;91;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-derived-table-dos(64844)   |   URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.1.50;5;1;50;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-derived-table-dos(64844)   |   URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.5.5;5;5;5;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-derived-table-dos(64844)   |   URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.1.50;5;1;50;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-uservariable-dos(64843)   |   URL:http://xforce.iss.net/xforce/xfdb/64843";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.5.5;5;5;5;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-uservariable-dos(64843)   |   URL:http://xforce.iss.net/xforce/xfdb/64843";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.0.91;5;0;91;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-view-preparation-dos(64842)   |   URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.1.50;5;1;50;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-view-preparation-dos(64842)   |   URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.5.5;5;5;5;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-view-preparation-dos(64842)   |   URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.0.91;5;0;91;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-prepared-statement-dos(64841)   |   URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.1.50;5;1;50;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-prepared-statement-dos(64841)   |   URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.5.5;5;5;5;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-prepared-statement-dos(64841)   |   URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.0.91;5;0;91;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-longblob-dos(64840)   |   URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.1.50;5;1;50;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-longblob-dos(64840)   |   URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.5.5;5;5;5;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461   |   CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858   |   CONFIRM:http://support.apple.com/kb/HT4723   |   APPLE:APPLE-SA-2011-06-23-1   |   URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-longblob-dos(64840)   |   URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 5.1.50;5;1;50;CVE-2010-3840;Candidate;"The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.";"MISC:http://lists.mysql.com/commits/117094   |   CONFIRM:http://bugs.mysql.com/bug.php?id=51875   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640865   |   DEBIAN:DSA-2143   |   URL:http://www.debian.org/security/2011/dsa-2143   |   MANDRIVA:MDVSA-2010:222   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222   |   MANDRIVA:MDVSA-2010:223   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223   |   REDHAT:RHSA-2010:0824   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0824.html   |   REDHAT:RHSA-2010:0825   |   URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html   |   REDHAT:RHSA-2011:0164   |   URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html   |   TURBO:TLSA-2011-3   |   URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt   |   UBUNTU:USN-1017-1   |   URL:http://www.ubuntu.com/usn/USN-1017-1   |   BID:43676   |   URL:http://www.securityfocus.com/bid/43676   |   SECUNIA:42875   |   URL:http://secunia.com/advisories/42875   |   SECUNIA:42936   |   URL:http://secunia.com/advisories/42936   |   VUPEN:ADV-2011-0105   |   URL:http://www.vupen.com/english/advisories/2011/0105   |   VUPEN:ADV-2011-0170   |   URL:http://www.vupen.com/english/advisories/2011/0170   |   VUPEN:ADV-2011-0345   |   URL:http://www.vupen.com/english/advisories/2011/0345   |   XF:mysql-gislinestringinitfromwkb-dos(64838)   |   URL:http://xforce.iss.net/xforce/xfdb/64838";Assigned (20101007);"None (candidate not yet proposed)"; | ||||
| 0.9.3;0;9;3;CVE-2011-0432;Candidate;"Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument.  NOTE: some of these details are obtained from third party information.";"CONFIRM:http://code.google.com/p/pywebdav/updates/list   |   CONFIRM:http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=677718   |   DEBIAN:DSA-2177   |   URL:http://www.debian.org/security/2011/dsa-2177   |   FEDORA:FEDORA-2011-2427   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html   |   FEDORA:FEDORA-2011-2460   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html   |   FEDORA:FEDORA-2011-2470   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html   |   BID:46655   |   URL:http://www.securityfocus.com/bid/46655   |   SECUNIA:43571   |   URL:http://secunia.com/advisories/43571   |   SECUNIA:43602   |   URL:http://secunia.com/advisories/43602   |   SECUNIA:43703   |   URL:http://secunia.com/advisories/43703   |   VUPEN:ADV-2011-0553   |   URL:http://www.vupen.com/english/advisories/2011/0553   |   VUPEN:ADV-2011-0554   |   URL:http://www.vupen.com/english/advisories/2011/0554   |   VUPEN:ADV-2011-0634   |   URL:http://www.vupen.com/english/advisories/2011/0634";Assigned (20110112);"None (candidate not yet proposed)"; | ||||
| 5.1.62;5;1;62;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   REDHAT:RHSA-2012:1462   |   URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html   |   BID:54551   |   URL:http://www.securityfocus.com/bid/54551   |   OSVDB:83976   |   URL:http://osvdb.org/83976   |   SECTRACK:1027263   |   URL:http://www.securitytracker.com/id?1027263   |   SECUNIA:51309   |   URL:http://secunia.com/advisories/51309   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372   |   XF:mysql-gisextension-dos(77061)   |   URL:http://xforce.iss.net/xforce/xfdb/77061";Assigned (20120111);"None (candidate not yet proposed)"; | ||||
| 5.5.23;5;5;23;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   REDHAT:RHSA-2012:1462   |   URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html   |   BID:54551   |   URL:http://www.securityfocus.com/bid/54551   |   OSVDB:83976   |   URL:http://osvdb.org/83976   |   SECTRACK:1027263   |   URL:http://www.securitytracker.com/id?1027263   |   SECUNIA:51309   |   URL:http://secunia.com/advisories/51309   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372   |   XF:mysql-gisextension-dos(77061)   |   URL:http://xforce.iss.net/xforce/xfdb/77061";Assigned (20120111);"None (candidate not yet proposed)"; | ||||
| 5.1.66;5;1;66;CVE-2012-0572;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   REDHAT:RHSA-2013:0219   |   URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html   |   UBUNTU:USN-1703-1   |   URL:http://www.ubuntu.com/usn/USN-1703-1   |   OVAL:oval:org.mitre.oval:def:16792   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16792   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; | ||||
|  | @ -86,9 +86,9 @@ | |||
| 5.5.23;5;5;23;CVE-2012-1735;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   BID:54549   |   URL:http://www.securityfocus.com/bid/54549   |   OSVDB:83975   |   URL:http://osvdb.org/83975   |   SECTRACK:1027263   |   URL:http://www.securitytracker.com/id?1027263   |   XF:mysql-serveroptimizer-dos(77060)   |   URL:http://xforce.iss.net/xforce/xfdb/77060";Assigned (20120316);"None (candidate not yet proposed)"; | ||||
| 5.5.23;5;5;23;CVE-2012-1756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   BID:54524   |   URL:http://www.securityfocus.com/bid/54524   |   OSVDB:83978   |   URL:http://osvdb.org/83978   |   SECTRACK:1027263   |   URL:http://www.securitytracker.com/id?1027263   |   XF:mysql-server1-dos(77063)   |   URL:http://xforce.iss.net/xforce/xfdb/77063";Assigned (20120316);"None (candidate not yet proposed)"; | ||||
| 5.5.23;5;5;23;CVE-2012-1757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   BID:54526   |   URL:http://www.securityfocus.com/bid/54526   |   OSVDB:83977   |   URL:http://osvdb.org/83977   |   SECTRACK:1027263   |   URL:http://www.securitytracker.com/id?1027263   |   XF:mysql-innodb1-dos(77062)   |   URL:http://xforce.iss.net/xforce/xfdb/77062";Assigned (20120316);"None (candidate not yet proposed)"; | ||||
| 5.1.62;5;1;62;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ  NEXT after DELETE   |   URL:http://www.openwall.com/lists/oss-security/2012/04/13/7   |   MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15   |   MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   BID:52931   |   URL:http://www.securityfocus.com/bid/52931   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; | ||||
| 5.5.22;5;5;22;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ  NEXT after DELETE   |   URL:http://www.openwall.com/lists/oss-security/2012/04/13/7   |   MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15   |   MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   BID:52931   |   URL:http://www.securityfocus.com/bid/52931   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; | ||||
| 97.15.15;97;15;15;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ  NEXT after DELETE   |   URL:http://www.openwall.com/lists/oss-security/2012/04/13/7   |   MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15   |   MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   BID:52931   |   URL:http://www.securityfocus.com/bid/52931   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; | ||||
| 5.1.61;5;1;61;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ  NEXT after DELETE   |   URL:http://www.openwall.com/lists/oss-security/2012/04/13/7   |   MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15   |   MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   BID:52931   |   URL:http://www.securityfocus.com/bid/52931   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; | ||||
| 5.5.21;5;5;21;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ  NEXT after DELETE   |   URL:http://www.openwall.com/lists/oss-security/2012/04/13/7   |   MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15   |   MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   BID:52931   |   URL:http://www.securityfocus.com/bid/52931   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; | ||||
| 97.15.14;97;15;14;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ  NEXT after DELETE   |   URL:http://www.openwall.com/lists/oss-security/2012/04/13/7   |   MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15   |   MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/   |   CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html   |   CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   BID:52931   |   URL:http://www.securityfocus.com/bid/52931   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; | ||||
| 5.5.26;5;5;26;CVE-2012-3144;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   UBUNTU:USN-1621-1   |   URL:http://www.ubuntu.com/usn/USN-1621-1   |   SECUNIA:51177   |   URL:http://secunia.com/advisories/51177   |   XF:mysqlserver-server-cve20123144-dos(79387)   |   URL:http://xforce.iss.net/xforce/xfdb/79387";Assigned (20120606);"None (candidate not yet proposed)"; | ||||
| 5.5.26;5;5;26;CVE-2012-3147;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   MANDRIVA:MDVSA-2013:102   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102   |   UBUNTU:USN-1621-1   |   URL:http://www.ubuntu.com/usn/USN-1621-1   |   SECUNIA:51177   |   URL:http://secunia.com/advisories/51177   |   XF:mysqlserver-client-cve20123147(79384)   |   URL:http://xforce.iss.net/xforce/xfdb/79384";Assigned (20120606);"None (candidate not yet proposed)"; | ||||
| 5.5.26;5;5;26;CVE-2012-3149;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   UBUNTU:USN-1621-1   |   URL:http://www.ubuntu.com/usn/USN-1621-1   |   SECUNIA:51177   |   URL:http://secunia.com/advisories/51177   |   XF:mysqlserver-client-info-disc(79390)   |   URL:http://xforce.iss.net/xforce/xfdb/79390";Assigned (20120606);"None (candidate not yet proposed)"; | ||||
|  | @ -113,11 +113,11 @@ | |||
| 5.5.27;5;5;27;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html   |   DEBIAN:DSA-2581   |   URL:http://www.debian.org/security/2012/dsa-2581   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   REDHAT:RHSA-2012:1462   |   URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html   |   UBUNTU:USN-1621-1   |   URL:http://www.ubuntu.com/usn/USN-1621-1   |   SECUNIA:51309   |   URL:http://secunia.com/advisories/51309   |   SECUNIA:51177   |   URL:http://secunia.com/advisories/51177   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372   |   XF:mysqlserver-optimize-dos(79389)   |   URL:http://xforce.iss.net/xforce/xfdb/79389";Assigned (20120606);"None (candidate not yet proposed)"; | ||||
| 5.1.64;5;1;64;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html   |   DEBIAN:DSA-2581   |   URL:http://www.debian.org/security/2012/dsa-2581   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   REDHAT:RHSA-2012:1462   |   URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html   |   UBUNTU:USN-1621-1   |   URL:http://www.ubuntu.com/usn/USN-1621-1   |   SECUNIA:51309   |   URL:http://secunia.com/advisories/51309   |   SECUNIA:51177   |   URL:http://secunia.com/advisories/51177   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372   |   XF:mysqlserver-serverreplication-dos(79393)   |   URL:http://xforce.iss.net/xforce/xfdb/79393";Assigned (20120606);"None (candidate not yet proposed)"; | ||||
| 5.5.26;5;5;26;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html   |   DEBIAN:DSA-2581   |   URL:http://www.debian.org/security/2012/dsa-2581   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   REDHAT:RHSA-2012:1462   |   URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html   |   UBUNTU:USN-1621-1   |   URL:http://www.ubuntu.com/usn/USN-1621-1   |   SECUNIA:51309   |   URL:http://secunia.com/advisories/51309   |   SECUNIA:51177   |   URL:http://secunia.com/advisories/51177   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372   |   XF:mysqlserver-serverreplication-dos(79393)   |   URL:http://xforce.iss.net/xforce/xfdb/79393";Assigned (20120606);"None (candidate not yet proposed)"; | ||||
| 5.5.29;5;5;29;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log.  NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB   |   URL:http://www.openwall.com/lists/oss-security/2012/09/11/4   |   MISC:http://bugs.mysql.com/bug.php?id=66550   |   MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   MANDRIVA:MDVSA-2013:102   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102   |   SUSE:openSUSE-SU-2013:0011   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html   |   SUSE:openSUSE-SU-2013:0014   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html   |   SUSE:openSUSE-SU-2013:0135   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html   |   SUSE:openSUSE-SU-2013:0156   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html   |   BID:55498   |   URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; | ||||
| 5.1.62;5;1;62;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log.  NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB   |   URL:http://www.openwall.com/lists/oss-security/2012/09/11/4   |   MISC:http://bugs.mysql.com/bug.php?id=66550   |   MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   MANDRIVA:MDVSA-2013:102   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102   |   SUSE:openSUSE-SU-2013:0011   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html   |   SUSE:openSUSE-SU-2013:0014   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html   |   SUSE:openSUSE-SU-2013:0135   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html   |   SUSE:openSUSE-SU-2013:0156   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html   |   BID:55498   |   URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; | ||||
| 5.2.12;5;2;12;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log.  NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB   |   URL:http://www.openwall.com/lists/oss-security/2012/09/11/4   |   MISC:http://bugs.mysql.com/bug.php?id=66550   |   MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   MANDRIVA:MDVSA-2013:102   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102   |   SUSE:openSUSE-SU-2013:0011   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html   |   SUSE:openSUSE-SU-2013:0014   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html   |   SUSE:openSUSE-SU-2013:0135   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html   |   SUSE:openSUSE-SU-2013:0156   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html   |   BID:55498   |   URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; | ||||
| 5.3.7;5;3;7;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log.  NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB   |   URL:http://www.openwall.com/lists/oss-security/2012/09/11/4   |   MISC:http://bugs.mysql.com/bug.php?id=66550   |   MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   MANDRIVA:MDVSA-2013:102   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102   |   SUSE:openSUSE-SU-2013:0011   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html   |   SUSE:openSUSE-SU-2013:0014   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html   |   SUSE:openSUSE-SU-2013:0135   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html   |   SUSE:openSUSE-SU-2013:0156   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html   |   BID:55498   |   URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; | ||||
| 5.5.25;5;5;25;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log.  NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB   |   URL:http://www.openwall.com/lists/oss-security/2012/09/11/4   |   MISC:http://bugs.mysql.com/bug.php?id=66550   |   MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   MANDRIVA:MDVSA-2013:102   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102   |   SUSE:openSUSE-SU-2013:0011   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html   |   SUSE:openSUSE-SU-2013:0014   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html   |   SUSE:openSUSE-SU-2013:0135   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html   |   SUSE:openSUSE-SU-2013:0156   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html   |   BID:55498   |   URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; | ||||
| 5.5.28;5;5;28;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log.  NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB   |   URL:http://www.openwall.com/lists/oss-security/2012/09/11/4   |   MISC:http://bugs.mysql.com/bug.php?id=66550   |   MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   MANDRIVA:MDVSA-2013:102   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102   |   SUSE:openSUSE-SU-2013:0011   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html   |   SUSE:openSUSE-SU-2013:0014   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html   |   SUSE:openSUSE-SU-2013:0135   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html   |   SUSE:openSUSE-SU-2013:0156   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html   |   BID:55498   |   URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; | ||||
| 5.1.61;5;1;61;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log.  NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB   |   URL:http://www.openwall.com/lists/oss-security/2012/09/11/4   |   MISC:http://bugs.mysql.com/bug.php?id=66550   |   MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   MANDRIVA:MDVSA-2013:102   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102   |   SUSE:openSUSE-SU-2013:0011   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html   |   SUSE:openSUSE-SU-2013:0014   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html   |   SUSE:openSUSE-SU-2013:0135   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html   |   SUSE:openSUSE-SU-2013:0156   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html   |   BID:55498   |   URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; | ||||
| 5.2.11;5;2;11;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log.  NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB   |   URL:http://www.openwall.com/lists/oss-security/2012/09/11/4   |   MISC:http://bugs.mysql.com/bug.php?id=66550   |   MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   MANDRIVA:MDVSA-2013:102   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102   |   SUSE:openSUSE-SU-2013:0011   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html   |   SUSE:openSUSE-SU-2013:0014   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html   |   SUSE:openSUSE-SU-2013:0135   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html   |   SUSE:openSUSE-SU-2013:0156   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html   |   BID:55498   |   URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; | ||||
| 5.3.6;5;3;6;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log.  NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB   |   URL:http://www.openwall.com/lists/oss-security/2012/09/11/4   |   MISC:http://bugs.mysql.com/bug.php?id=66550   |   MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   MANDRIVA:MDVSA-2013:102   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102   |   SUSE:openSUSE-SU-2013:0011   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html   |   SUSE:openSUSE-SU-2013:0014   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html   |   SUSE:openSUSE-SU-2013:0135   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html   |   SUSE:openSUSE-SU-2013:0156   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html   |   BID:55498   |   URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; | ||||
| 5.5.24;5;5;24;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log.  NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB   |   URL:http://www.openwall.com/lists/oss-security/2012/09/11/4   |   MISC:http://bugs.mysql.com/bug.php?id=66550   |   MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   MANDRIVA:MDVSA-2013:102   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102   |   SUSE:openSUSE-SU-2013:0011   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html   |   SUSE:openSUSE-SU-2013:0014   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html   |   SUSE:openSUSE-SU-2013:0135   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html   |   SUSE:openSUSE-SU-2013:0156   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html   |   BID:55498   |   URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; | ||||
| 5.1.65;5;1;65;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   UBUNTU:USN-1703-1   |   URL:http://www.ubuntu.com/usn/USN-1703-1   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372";Assigned (20120921);"None (candidate not yet proposed)"; | ||||
| 5.5.27;5;5;27;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   UBUNTU:USN-1703-1   |   URL:http://www.ubuntu.com/usn/USN-1703-1   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372";Assigned (20120921);"None (candidate not yet proposed)"; | ||||
| 5.5.28;5;5;28;CVE-2012-5096;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   UBUNTU:USN-1703-1   |   URL:http://www.ubuntu.com/usn/USN-1703-1   |   OVAL:oval:org.mitre.oval:def:16877   |   URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16877   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372";Assigned (20120922);"None (candidate not yet proposed)"; | ||||
|  | @ -150,13 +150,13 @@ | |||
| 5.1.63;5;1;63;CVE-2013-1548;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   REDHAT:RHSA-2013:0772   |   URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; | ||||
| 5.1.67;5;1;67;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   REDHAT:RHSA-2013:0772   |   URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; | ||||
| 5.5.29;5;5;29;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   REDHAT:RHSA-2013:0772   |   URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; | ||||
| 5.5.30;5;5;30;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/   |   URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html   |   MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld   |   URL:http://seclists.org/oss-sec/2013/q1/671   |   MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   UBUNTU:USN-1909-1   |   URL:http://www.ubuntu.com/usn/USN-1909-1   |   BID:58511   |   URL:http://www.securityfocus.com/bid/58511   |   OSVDB:91415   |   URL:http://www.osvdb.org/91415   |   SECUNIA:52639   |   URL:http://secunia.com/advisories/52639   |   SECUNIA:54300   |   URL:http://secunia.com/advisories/54300   |   XF:mysql-mariadb-cve20131861-dos(82895)   |   URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; | ||||
| 5.3.13;5;3;13;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/   |   URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html   |   MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld   |   URL:http://seclists.org/oss-sec/2013/q1/671   |   MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   UBUNTU:USN-1909-1   |   URL:http://www.ubuntu.com/usn/USN-1909-1   |   BID:58511   |   URL:http://www.securityfocus.com/bid/58511   |   OSVDB:91415   |   URL:http://www.osvdb.org/91415   |   SECUNIA:52639   |   URL:http://secunia.com/advisories/52639   |   SECUNIA:54300   |   URL:http://secunia.com/advisories/54300   |   XF:mysql-mariadb-cve20131861-dos(82895)   |   URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; | ||||
| 5.2.15;5;2;15;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/   |   URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html   |   MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld   |   URL:http://seclists.org/oss-sec/2013/q1/671   |   MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   UBUNTU:USN-1909-1   |   URL:http://www.ubuntu.com/usn/USN-1909-1   |   BID:58511   |   URL:http://www.securityfocus.com/bid/58511   |   OSVDB:91415   |   URL:http://www.osvdb.org/91415   |   SECUNIA:52639   |   URL:http://secunia.com/advisories/52639   |   SECUNIA:54300   |   URL:http://secunia.com/advisories/54300   |   XF:mysql-mariadb-cve20131861-dos(82895)   |   URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; | ||||
| 5.1.68;5;1;68;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/   |   URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html   |   MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld   |   URL:http://seclists.org/oss-sec/2013/q1/671   |   MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   UBUNTU:USN-1909-1   |   URL:http://www.ubuntu.com/usn/USN-1909-1   |   BID:58511   |   URL:http://www.securityfocus.com/bid/58511   |   OSVDB:91415   |   URL:http://www.osvdb.org/91415   |   SECUNIA:52639   |   URL:http://secunia.com/advisories/52639   |   SECUNIA:54300   |   URL:http://secunia.com/advisories/54300   |   XF:mysql-mariadb-cve20131861-dos(82895)   |   URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; | ||||
| 5.1.69;5;1;69;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/   |   URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html   |   MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld   |   URL:http://seclists.org/oss-sec/2013/q1/671   |   MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   UBUNTU:USN-1909-1   |   URL:http://www.ubuntu.com/usn/USN-1909-1   |   BID:58511   |   URL:http://www.securityfocus.com/bid/58511   |   OSVDB:91415   |   URL:http://www.osvdb.org/91415   |   SECUNIA:52639   |   URL:http://secunia.com/advisories/52639   |   SECUNIA:54300   |   URL:http://secunia.com/advisories/54300   |   XF:mysql-mariadb-cve20131861-dos(82895)   |   URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; | ||||
| 5.5.31;5;5;31;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/   |   URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html   |   MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld   |   URL:http://seclists.org/oss-sec/2013/q1/671   |   MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   UBUNTU:USN-1909-1   |   URL:http://www.ubuntu.com/usn/USN-1909-1   |   BID:58511   |   URL:http://www.securityfocus.com/bid/58511   |   OSVDB:91415   |   URL:http://www.osvdb.org/91415   |   SECUNIA:52639   |   URL:http://secunia.com/advisories/52639   |   SECUNIA:54300   |   URL:http://secunia.com/advisories/54300   |   XF:mysql-mariadb-cve20131861-dos(82895)   |   URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; | ||||
| 5.6.11;5;6;11;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/   |   URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html   |   MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld   |   URL:http://seclists.org/oss-sec/2013/q1/671   |   MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   UBUNTU:USN-1909-1   |   URL:http://www.ubuntu.com/usn/USN-1909-1   |   BID:58511   |   URL:http://www.securityfocus.com/bid/58511   |   OSVDB:91415   |   URL:http://www.osvdb.org/91415   |   SECUNIA:52639   |   URL:http://secunia.com/advisories/52639   |   SECUNIA:54300   |   URL:http://secunia.com/advisories/54300   |   XF:mysql-mariadb-cve20131861-dos(82895)   |   URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; | ||||
| 5.5.29;5;5;29;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/   |   URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html   |   MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld   |   URL:http://seclists.org/oss-sec/2013/q1/671   |   MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   UBUNTU:USN-1909-1   |   URL:http://www.ubuntu.com/usn/USN-1909-1   |   BID:58511   |   URL:http://www.securityfocus.com/bid/58511   |   OSVDB:91415   |   URL:http://www.osvdb.org/91415   |   SECUNIA:52639   |   URL:http://secunia.com/advisories/52639   |   SECUNIA:54300   |   URL:http://secunia.com/advisories/54300   |   XF:mysql-mariadb-cve20131861-dos(82895)   |   URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; | ||||
| 5.3.12;5;3;12;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/   |   URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html   |   MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld   |   URL:http://seclists.org/oss-sec/2013/q1/671   |   MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   UBUNTU:USN-1909-1   |   URL:http://www.ubuntu.com/usn/USN-1909-1   |   BID:58511   |   URL:http://www.securityfocus.com/bid/58511   |   OSVDB:91415   |   URL:http://www.osvdb.org/91415   |   SECUNIA:52639   |   URL:http://secunia.com/advisories/52639   |   SECUNIA:54300   |   URL:http://secunia.com/advisories/54300   |   XF:mysql-mariadb-cve20131861-dos(82895)   |   URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; | ||||
| 5.2.14;5;2;14;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/   |   URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html   |   MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld   |   URL:http://seclists.org/oss-sec/2013/q1/671   |   MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   UBUNTU:USN-1909-1   |   URL:http://www.ubuntu.com/usn/USN-1909-1   |   BID:58511   |   URL:http://www.securityfocus.com/bid/58511   |   OSVDB:91415   |   URL:http://www.osvdb.org/91415   |   SECUNIA:52639   |   URL:http://secunia.com/advisories/52639   |   SECUNIA:54300   |   URL:http://secunia.com/advisories/54300   |   XF:mysql-mariadb-cve20131861-dos(82895)   |   URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; | ||||
| 5.1.67;5;1;67;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/   |   URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html   |   MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld   |   URL:http://seclists.org/oss-sec/2013/q1/671   |   MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   UBUNTU:USN-1909-1   |   URL:http://www.ubuntu.com/usn/USN-1909-1   |   BID:58511   |   URL:http://www.securityfocus.com/bid/58511   |   OSVDB:91415   |   URL:http://www.osvdb.org/91415   |   SECUNIA:52639   |   URL:http://secunia.com/advisories/52639   |   SECUNIA:54300   |   URL:http://secunia.com/advisories/54300   |   XF:mysql-mariadb-cve20131861-dos(82895)   |   URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; | ||||
| 5.1.68;5;1;68;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/   |   URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html   |   MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld   |   URL:http://seclists.org/oss-sec/2013/q1/671   |   MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   UBUNTU:USN-1909-1   |   URL:http://www.ubuntu.com/usn/USN-1909-1   |   BID:58511   |   URL:http://www.securityfocus.com/bid/58511   |   OSVDB:91415   |   URL:http://www.osvdb.org/91415   |   SECUNIA:52639   |   URL:http://secunia.com/advisories/52639   |   SECUNIA:54300   |   URL:http://secunia.com/advisories/54300   |   XF:mysql-mariadb-cve20131861-dos(82895)   |   URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; | ||||
| 5.5.30;5;5;30;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/   |   URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html   |   MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld   |   URL:http://seclists.org/oss-sec/2013/q1/671   |   MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   UBUNTU:USN-1909-1   |   URL:http://www.ubuntu.com/usn/USN-1909-1   |   BID:58511   |   URL:http://www.securityfocus.com/bid/58511   |   OSVDB:91415   |   URL:http://www.osvdb.org/91415   |   SECUNIA:52639   |   URL:http://secunia.com/advisories/52639   |   SECUNIA:54300   |   URL:http://secunia.com/advisories/54300   |   XF:mysql-mariadb-cve20131861-dos(82895)   |   URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; | ||||
| 5.6.10;5;6;10;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/   |   URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html   |   MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld   |   URL:http://seclists.org/oss-sec/2013/q1/671   |   MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   UBUNTU:USN-1909-1   |   URL:http://www.ubuntu.com/usn/USN-1909-1   |   BID:58511   |   URL:http://www.securityfocus.com/bid/58511   |   OSVDB:91415   |   URL:http://www.osvdb.org/91415   |   SECUNIA:52639   |   URL:http://secunia.com/advisories/52639   |   SECUNIA:54300   |   URL:http://secunia.com/advisories/54300   |   XF:mysql-mariadb-cve20131861-dos(82895)   |   URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; | ||||
| 5.6.10;5;6;10;CVE-2013-2381;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; | ||||
| 5.1.68;5;1;68;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   REDHAT:RHSA-2013:0772   |   URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; | ||||
| 5.5.30;5;5;30;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html   |   GENTOO:GLSA-201308-06   |   URL:http://security.gentoo.org/glsa/glsa-201308-06.xml   |   MANDRIVA:MDVSA-2013:150   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150   |   REDHAT:RHSA-2013:0772   |   URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html   |   SECUNIA:53372   |   URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; | ||||
|  | @ -193,359 +193,461 @@ | |||
| 5.6.11;5;6;11;CVE-2013-3811;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-3806.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   OSVDB:95335   |   URL:http://osvdb.org/95335   |   XF:oracle-cpujuly2013-cve20133811(85722)   |   URL:http://xforce.iss.net/xforce/xfdb/85722";Assigned (20130603);"None (candidate not yet proposed)"; | ||||
| 5.5.31;5;5;31;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   UBUNTU:USN-1909-1   |   URL:http://www.ubuntu.com/usn/USN-1909-1   |   OSVDB:95336   |   URL:http://osvdb.org/95336   |   SECUNIA:54300   |   URL:http://secunia.com/advisories/54300   |   XF:oracle-cpujuly2013-cve20133812(85723)   |   URL:http://xforce.iss.net/xforce/xfdb/85723";Assigned (20130603);"None (candidate not yet proposed)"; | ||||
| 5.6.11;5;6;11;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   SUSE:SUSE-SU-2013:1390   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html   |   SUSE:openSUSE-SU-2013:1335   |   URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html   |   SUSE:openSUSE-SU-2013:1410   |   URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html   |   SUSE:SUSE-SU-2013:1529   |   URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html   |   UBUNTU:USN-1909-1   |   URL:http://www.ubuntu.com/usn/USN-1909-1   |   OSVDB:95336   |   URL:http://osvdb.org/95336   |   SECUNIA:54300   |   URL:http://secunia.com/advisories/54300   |   XF:oracle-cpujuly2013-cve20133812(85723)   |   URL:http://xforce.iss.net/xforce/xfdb/85723";Assigned (20130603);"None (candidate not yet proposed)"; | ||||
| 5.1.70;5;1;70;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   DEBIAN:DSA-2780   |   URL:http://www.debian.org/security/2013/dsa-2780   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   MANDRIVA:MDVSA-2013:250   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2006-1   |   URL:http://www.ubuntu.com/usn/USN-2006-1   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184   |   SECUNIA:55291   |   URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; | ||||
| 5.5.32;5;5;32;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   DEBIAN:DSA-2780   |   URL:http://www.debian.org/security/2013/dsa-2780   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   MANDRIVA:MDVSA-2013:250   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2006-1   |   URL:http://www.ubuntu.com/usn/USN-2006-1   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184   |   SECUNIA:55291   |   URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; | ||||
| 5.6.12;5;6;12;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   DEBIAN:DSA-2780   |   URL:http://www.debian.org/security/2013/dsa-2780   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   MANDRIVA:MDVSA-2013:250   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2006-1   |   URL:http://www.ubuntu.com/usn/USN-2006-1   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184   |   SECUNIA:55291   |   URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; | ||||
| 5.6.12;5;6;12;CVE-2013-5767;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.11;5;6;11;CVE-2013-5770;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.12;5;6;12;CVE-2013-5786;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5793.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.12;5;6;12;CVE-2013-5793;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5786.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.5.32;5;5;32;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2006-1   |   URL:http://www.ubuntu.com/usn/USN-2006-1   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.12;5;6;12;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2006-1   |   URL:http://www.ubuntu.com/usn/USN-2006-1   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.14;5;6;14;CVE-2013-5860;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64864   |   URL:http://www.securityfocus.com/bid/64864   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   XF:oracle-cpujan2014-cve20135860(90373)   |   URL:http://xforce.iss.net/xforce/xfdb/90373";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.14;5;6;14;CVE-2013-5881;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2014-0431.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64885   |   URL:http://www.securityfocus.com/bid/64885   |   OSVDB:102066   |   URL:http://osvdb.org/102066   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   XF:oracle-cpujan2014-cve20135881(90377)   |   URL:http://xforce.iss.net/xforce/xfdb/90377";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2013-5882;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64854   |   URL:http://www.securityfocus.com/bid/64854   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   XF:oracle-cpujan2014-cve20135882(90374)   |   URL:http://xforce.iss.net/xforce/xfdb/90374";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.5.33;5;5;33;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64891   |   URL:http://www.securityfocus.com/bid/64891   |   OSVDB:102070   |   URL:http://osvdb.org/102070   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64891   |   URL:http://www.securityfocus.com/bid/64891   |   OSVDB:102070   |   URL:http://osvdb.org/102070   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2013-5894;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64873   |   URL:http://www.securityfocus.com/bid/64873   |   OSVDB:102065   |   URL:http://osvdb.org/102065   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   XF:oracle-cpujan2014-cve20135894(90376)   |   URL:http://xforce.iss.net/xforce/xfdb/90376";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.1.72;5;1;72;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64896   |   URL:http://www.securityfocus.com/bid/64896   |   OSVDB:102078   |   URL:http://osvdb.org/102078   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20135908(90389)   |   URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.5.34;5;5;34;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64896   |   URL:http://www.securityfocus.com/bid/64896   |   OSVDB:102078   |   URL:http://osvdb.org/102078   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20135908(90389)   |   URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.14;5;6;14;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64896   |   URL:http://www.securityfocus.com/bid/64896   |   OSVDB:102078   |   URL:http://osvdb.org/102078   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20135908(90389)   |   URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.5.35;5;5;35;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592   |   CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/   |   MANDRIVA:MDVSA-2014:029   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   OSVDB:102713   |   URL:http://osvdb.org/102713   |   OSVDB:102714   |   URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; | ||||
| 02.565.64;02;565;64;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592   |   CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/   |   MANDRIVA:MDVSA-2014:029   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   OSVDB:102713   |   URL:http://osvdb.org/102713   |   OSVDB:102714   |   URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; | ||||
| 5.5.35;5;5;35;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.15;5;6;15;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.1.71;5;1;71;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64904   |   URL:http://www.securityfocus.com/bid/64904   |   OSVDB:102069   |   URL:http://osvdb.org/102069   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140386(90380)   |   URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.5.33;5;5;33;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64904   |   URL:http://www.securityfocus.com/bid/64904   |   OSVDB:102069   |   URL:http://osvdb.org/102069   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140386(90380)   |   URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64904   |   URL:http://www.securityfocus.com/bid/64904   |   OSVDB:102069   |   URL:http://osvdb.org/102069   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140386(90380)   |   URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.1.71;5;1;71;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64877   |   URL:http://www.securityfocus.com/bid/64877   |   OSVDB:102075   |   URL:http://osvdb.org/102075   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140393(90386)   |   URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.5.33;5;5;33;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64877   |   URL:http://www.securityfocus.com/bid/64877   |   OSVDB:102075   |   URL:http://osvdb.org/102075   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140393(90386)   |   URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64877   |   URL:http://www.securityfocus.com/bid/64877   |   OSVDB:102075   |   URL:http://osvdb.org/102075   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140393(90386)   |   URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.1.72;5;1;72;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64898   |   URL:http://www.securityfocus.com/bid/64898   |   OSVDB:102071   |   URL:http://osvdb.org/102071   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140401(90382)   |   URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.5.34;5;5;34;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64898   |   URL:http://www.securityfocus.com/bid/64898   |   OSVDB:102071   |   URL:http://osvdb.org/102071   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140401(90382)   |   URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.14;5;6;14;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64898   |   URL:http://www.securityfocus.com/bid/64898   |   OSVDB:102071   |   URL:http://osvdb.org/102071   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140401(90382)   |   URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.1.71;5;1;71;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64908   |   URL:http://www.securityfocus.com/bid/64908   |   OSVDB:102068   |   URL:http://osvdb.org/102068   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140402(90379)   |   URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.5.33;5;5;33;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64908   |   URL:http://www.securityfocus.com/bid/64908   |   OSVDB:102068   |   URL:http://osvdb.org/102068   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140402(90379)   |   URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64908   |   URL:http://www.securityfocus.com/bid/64908   |   OSVDB:102068   |   URL:http://osvdb.org/102068   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140402(90379)   |   URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.1.72;5;1;72;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64880   |   URL:http://www.securityfocus.com/bid/64880   |   OSVDB:102067   |   URL:http://osvdb.org/102067   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140412(90378)   |   URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.5.34;5;5;34;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64880   |   URL:http://www.securityfocus.com/bid/64880   |   OSVDB:102067   |   URL:http://osvdb.org/102067   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140412(90378)   |   URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.14;5;6;14;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64880   |   URL:http://www.securityfocus.com/bid/64880   |   OSVDB:102067   |   URL:http://osvdb.org/102067   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140412(90378)   |   URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.5.34;5;5;34;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64888   |   URL:http://www.securityfocus.com/bid/64888   |   OSVDB:102077   |   URL:http://osvdb.org/102077   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140420(90388)   |   URL:http://xforce.iss.net/xforce/xfdb/90388";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.14;5;6;14;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64888   |   URL:http://www.securityfocus.com/bid/64888   |   OSVDB:102077   |   URL:http://osvdb.org/102077   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140420(90388)   |   URL:http://xforce.iss.net/xforce/xfdb/90388";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2014-0427;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64868   |   URL:http://www.securityfocus.com/bid/64868   |   OSVDB:102072   |   URL:http://osvdb.org/102072   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   XF:oracle-cpujan2014-cve20140427(90383)   |   URL:http://xforce.iss.net/xforce/xfdb/90383";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2014-0430;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64893   |   URL:http://www.securityfocus.com/bid/64893   |   OSVDB:102076   |   URL:http://osvdb.org/102076   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   XF:oracle-cpujan2014-cve20140430(90387)   |   URL:http://xforce.iss.net/xforce/xfdb/90387";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.14;5;6;14;CVE-2014-0431;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5881.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64897   |   URL:http://www.securityfocus.com/bid/64897   |   OSVDB:102073   |   URL:http://osvdb.org/102073   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   XF:oracle-cpujan2014-cve20140431(90384)   |   URL:http://xforce.iss.net/xforce/xfdb/90384";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2014-0433;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64895   |   URL:http://www.securityfocus.com/bid/64895   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   XF:oracle-cpujan2014-cve20140433(90375)   |   URL:http://xforce.iss.net/xforce/xfdb/90375";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.1.72;5;1;72;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64849   |   URL:http://www.securityfocus.com/bid/64849   |   OSVDB:102074   |   URL:http://osvdb.org/102074   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140437(90385)   |   URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.5.34;5;5;34;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64849   |   URL:http://www.securityfocus.com/bid/64849   |   OSVDB:102074   |   URL:http://osvdb.org/102074   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140437(90385)   |   URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.14;5;6;14;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64849   |   URL:http://www.securityfocus.com/bid/64849   |   OSVDB:102074   |   URL:http://osvdb.org/102074   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140437(90385)   |   URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.5.35;5;5;35;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:66880   |   URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.15;5;6;15;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:66880   |   URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.5.36;5;5;36;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:66858   |   URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.16;5;6;16;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:66858   |   URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.5.36;5;5;36;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:66890   |   URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.16;5;6;16;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:66890   |   URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.5.35;5;5;35;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:66875   |   URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.15;5;6;15;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:66875   |   URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.15;5;6;15;CVE-2014-2434;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   BID:66872   |   URL:http://www.securityfocus.com/bid/66872";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.16;5;6;16;CVE-2014-2435;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   BID:66853   |   URL:http://www.securityfocus.com/bid/66853";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.5.36;5;5;36;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:66896   |   URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.16;5;6;16;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:66896   |   URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.5.35;5;5;35;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   BID:66846   |   URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.15;5;6;15;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   BID:66846   |   URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.1.70;5;1;70;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   DEBIAN:DSA-2780   |   URL:http://www.debian.org/security/2013/dsa-2780   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   MANDRIVA:MDVSA-2013:250   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2006-1   |   URL:http://www.ubuntu.com/usn/USN-2006-1   |   BID:63109   |   URL:http://www.securityfocus.com/bid/63109   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184   |   SECUNIA:55291   |   URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; | ||||
| 5.5.32;5;5;32;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   DEBIAN:DSA-2780   |   URL:http://www.debian.org/security/2013/dsa-2780   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   MANDRIVA:MDVSA-2013:250   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2006-1   |   URL:http://www.ubuntu.com/usn/USN-2006-1   |   BID:63109   |   URL:http://www.securityfocus.com/bid/63109   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184   |   SECUNIA:55291   |   URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; | ||||
| 5.6.12;5;6;12;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   DEBIAN:DSA-2780   |   URL:http://www.debian.org/security/2013/dsa-2780   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   MANDRIVA:MDVSA-2013:250   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2006-1   |   URL:http://www.ubuntu.com/usn/USN-2006-1   |   BID:63109   |   URL:http://www.securityfocus.com/bid/63109   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184   |   SECUNIA:55291   |   URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; | ||||
| 5.6.12;5;6;12;CVE-2013-5767;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:63113   |   URL:http://www.securityfocus.com/bid/63113   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.11;5;6;11;CVE-2013-5770;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:63119   |   URL:http://www.securityfocus.com/bid/63119   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.12;5;6;12;CVE-2013-5786;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5793.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:63107   |   URL:http://www.securityfocus.com/bid/63107   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.12;5;6;12;CVE-2013-5793;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5786.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:63116   |   URL:http://www.securityfocus.com/bid/63116   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.5.32;5;5;32;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2006-1   |   URL:http://www.ubuntu.com/usn/USN-2006-1   |   BID:63105   |   URL:http://www.securityfocus.com/bid/63105   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.12;5;6;12;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html   |   DEBIAN:DSA-2818   |   URL:http://www.debian.org/security/2013/dsa-2818   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2006-1   |   URL:http://www.ubuntu.com/usn/USN-2006-1   |   BID:63105   |   URL:http://www.securityfocus.com/bid/63105   |   SECTRACK:1029184   |   URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.14;5;6;14;CVE-2013-5860;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64864   |   URL:http://www.securityfocus.com/bid/64864   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   XF:oracle-cpujan2014-cve20135860(90373)   |   URL:http://xforce.iss.net/xforce/xfdb/90373";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.14;5;6;14;CVE-2013-5881;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2014-0431.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64885   |   URL:http://www.securityfocus.com/bid/64885   |   OSVDB:102066   |   URL:http://osvdb.org/102066   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   XF:oracle-cpujan2014-cve20135881(90377)   |   URL:http://xforce.iss.net/xforce/xfdb/90377";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2013-5882;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64854   |   URL:http://www.securityfocus.com/bid/64854   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   XF:oracle-cpujan2014-cve20135882(90374)   |   URL:http://xforce.iss.net/xforce/xfdb/90374";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.5.33;5;5;33;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64891   |   URL:http://www.securityfocus.com/bid/64891   |   OSVDB:102070   |   URL:http://osvdb.org/102070   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64891   |   URL:http://www.securityfocus.com/bid/64891   |   OSVDB:102070   |   URL:http://osvdb.org/102070   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2013-5894;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64873   |   URL:http://www.securityfocus.com/bid/64873   |   OSVDB:102065   |   URL:http://osvdb.org/102065   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   XF:oracle-cpujan2014-cve20135894(90376)   |   URL:http://xforce.iss.net/xforce/xfdb/90376";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.1.72;5;1;72;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64896   |   URL:http://www.securityfocus.com/bid/64896   |   OSVDB:102078   |   URL:http://osvdb.org/102078   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20135908(90389)   |   URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.5.34;5;5;34;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64896   |   URL:http://www.securityfocus.com/bid/64896   |   OSVDB:102078   |   URL:http://osvdb.org/102078   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20135908(90389)   |   URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.6.14;5;6;14;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64896   |   URL:http://www.securityfocus.com/bid/64896   |   OSVDB:102078   |   URL:http://osvdb.org/102078   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20135908(90389)   |   URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; | ||||
| 5.5.34;5;5;34;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592   |   CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   MANDRIVA:MDVSA-2014:029   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   BID:65298   |   URL:http://www.securityfocus.com/bid/65298   |   OSVDB:102713   |   URL:http://osvdb.org/102713   |   OSVDB:102714   |   URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; | ||||
| 02.565.63;02;565;63;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592   |   CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   MANDRIVA:MDVSA-2014:029   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   BID:65298   |   URL:http://www.securityfocus.com/bid/65298   |   OSVDB:102713   |   URL:http://osvdb.org/102713   |   OSVDB:102714   |   URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; | ||||
| 5.5.35;5;5;35;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.15;5;6;15;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.1.71;5;1;71;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64904   |   URL:http://www.securityfocus.com/bid/64904   |   OSVDB:102069   |   URL:http://osvdb.org/102069   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140386(90380)   |   URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.5.33;5;5;33;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64904   |   URL:http://www.securityfocus.com/bid/64904   |   OSVDB:102069   |   URL:http://osvdb.org/102069   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140386(90380)   |   URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64904   |   URL:http://www.securityfocus.com/bid/64904   |   OSVDB:102069   |   URL:http://osvdb.org/102069   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140386(90380)   |   URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.1.71;5;1;71;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64877   |   URL:http://www.securityfocus.com/bid/64877   |   OSVDB:102075   |   URL:http://osvdb.org/102075   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140393(90386)   |   URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.5.33;5;5;33;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64877   |   URL:http://www.securityfocus.com/bid/64877   |   OSVDB:102075   |   URL:http://osvdb.org/102075   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140393(90386)   |   URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64877   |   URL:http://www.securityfocus.com/bid/64877   |   OSVDB:102075   |   URL:http://osvdb.org/102075   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140393(90386)   |   URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.1.72;5;1;72;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64898   |   URL:http://www.securityfocus.com/bid/64898   |   OSVDB:102071   |   URL:http://osvdb.org/102071   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140401(90382)   |   URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.5.34;5;5;34;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64898   |   URL:http://www.securityfocus.com/bid/64898   |   OSVDB:102071   |   URL:http://osvdb.org/102071   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140401(90382)   |   URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.14;5;6;14;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64898   |   URL:http://www.securityfocus.com/bid/64898   |   OSVDB:102071   |   URL:http://osvdb.org/102071   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140401(90382)   |   URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.1.71;5;1;71;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64908   |   URL:http://www.securityfocus.com/bid/64908   |   OSVDB:102068   |   URL:http://osvdb.org/102068   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140402(90379)   |   URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.5.33;5;5;33;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64908   |   URL:http://www.securityfocus.com/bid/64908   |   OSVDB:102068   |   URL:http://osvdb.org/102068   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140402(90379)   |   URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64908   |   URL:http://www.securityfocus.com/bid/64908   |   OSVDB:102068   |   URL:http://osvdb.org/102068   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140402(90379)   |   URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.1.72;5;1;72;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64880   |   URL:http://www.securityfocus.com/bid/64880   |   OSVDB:102067   |   URL:http://osvdb.org/102067   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140412(90378)   |   URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.5.34;5;5;34;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64880   |   URL:http://www.securityfocus.com/bid/64880   |   OSVDB:102067   |   URL:http://osvdb.org/102067   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140412(90378)   |   URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.14;5;6;14;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64880   |   URL:http://www.securityfocus.com/bid/64880   |   OSVDB:102067   |   URL:http://osvdb.org/102067   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140412(90378)   |   URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.5.34;5;5;34;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64888   |   URL:http://www.securityfocus.com/bid/64888   |   OSVDB:102077   |   URL:http://osvdb.org/102077   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140420(90388)   |   URL:http://xforce.iss.net/xforce/xfdb/90388";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.14;5;6;14;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64888   |   URL:http://www.securityfocus.com/bid/64888   |   OSVDB:102077   |   URL:http://osvdb.org/102077   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140420(90388)   |   URL:http://xforce.iss.net/xforce/xfdb/90388";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2014-0427;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64868   |   URL:http://www.securityfocus.com/bid/64868   |   OSVDB:102072   |   URL:http://osvdb.org/102072   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   XF:oracle-cpujan2014-cve20140427(90383)   |   URL:http://xforce.iss.net/xforce/xfdb/90383";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2014-0430;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64893   |   URL:http://www.securityfocus.com/bid/64893   |   OSVDB:102076   |   URL:http://osvdb.org/102076   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   XF:oracle-cpujan2014-cve20140430(90387)   |   URL:http://xforce.iss.net/xforce/xfdb/90387";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.14;5;6;14;CVE-2014-0431;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5881.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64897   |   URL:http://www.securityfocus.com/bid/64897   |   OSVDB:102073   |   URL:http://osvdb.org/102073   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   XF:oracle-cpujan2014-cve20140431(90384)   |   URL:http://xforce.iss.net/xforce/xfdb/90384";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.13;5;6;13;CVE-2014-0433;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64895   |   URL:http://www.securityfocus.com/bid/64895   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   XF:oracle-cpujan2014-cve20140433(90375)   |   URL:http://xforce.iss.net/xforce/xfdb/90375";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.1.72;5;1;72;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64849   |   URL:http://www.securityfocus.com/bid/64849   |   OSVDB:102074   |   URL:http://osvdb.org/102074   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140437(90385)   |   URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.5.34;5;5;34;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64849   |   URL:http://www.securityfocus.com/bid/64849   |   OSVDB:102074   |   URL:http://osvdb.org/102074   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140437(90385)   |   URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.6.14;5;6;14;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html   |   DEBIAN:DSA-2845   |   URL:http://www.debian.org/security/2014/dsa-2845   |   DEBIAN:DSA-2848   |   URL:http://www.debian.org/security/2014/dsa-2848   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   REDHAT:RHSA-2014:0164   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html   |   REDHAT:RHSA-2014:0173   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html   |   REDHAT:RHSA-2014:0186   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html   |   REDHAT:RHSA-2014:0189   |   URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html   |   UBUNTU:USN-2086-1   |   URL:http://ubuntu.com/usn/usn-2086-1   |   BID:64758   |   URL:http://www.securityfocus.com/bid/64758   |   BID:64849   |   URL:http://www.securityfocus.com/bid/64849   |   OSVDB:102074   |   URL:http://osvdb.org/102074   |   SECUNIA:56491   |   URL:http://secunia.com/advisories/56491   |   SECUNIA:56541   |   URL:http://secunia.com/advisories/56541   |   SECUNIA:56580   |   URL:http://secunia.com/advisories/56580   |   XF:oracle-cpujan2014-cve20140437(90385)   |   URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; | ||||
| 5.5.35;5;5;35;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:66880   |   URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.15;5;6;15;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:66880   |   URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.5.36;5;5;36;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:66858   |   URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.16;5;6;16;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:66858   |   URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.5.36;5;5;36;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:66890   |   URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.16;5;6;16;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:66890   |   URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.5.35;5;5;35;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:66875   |   URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.15;5;6;15;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:66875   |   URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.15;5;6;15;CVE-2014-2434;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:66872   |   URL:http://www.securityfocus.com/bid/66872";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.16;5;6;16;CVE-2014-2435;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:66853   |   URL:http://www.securityfocus.com/bid/66853";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.5.36;5;5;36;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:66896   |   URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.16;5;6;16;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:66896   |   URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.5.35;5;5;35;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:66846   |   URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.15;5;6;15;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   |   GENTOO:GLSA-201409-04   |   URL:http://security.gentoo.org/glsa/glsa-201409-04.xml   |   BID:66846   |   URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.15;5;6;15;CVE-2014-2442;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.15;5;6;15;CVE-2014-2444;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.15;5;6;15;CVE-2014-2450;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.15;5;6;15;CVE-2014-2451;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.6.17;5;6;17;CVE-2014-2484;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRFTS.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.5.37;5;5;37;CVE-2014-2494;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2985   |   URL:http://www.debian.org/security/2014/dsa-2985   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.5.37;5;5;37;CVE-2014-4207;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2985   |   URL:http://www.debian.org/security/2014/dsa-2985   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68593   |   URL:http://www.securityfocus.com/bid/68593   |   XF:oracle-cpujul2014-cve20144207(94624)   |   URL:http://xforce.iss.net/xforce/xfdb/94624";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.17;5;6;17;CVE-2014-4214;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68607   |   URL:http://www.securityfocus.com/bid/68607   |   XF:oracle-cpujul2014-cve20144214(94627)   |   URL:http://xforce.iss.net/xforce/xfdb/94627";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.17;5;6;17;CVE-2014-4233;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68598   |   URL:http://www.securityfocus.com/bid/68598   |   XF:oracle-cpujul2014-cve20144233(94625)   |   URL:http://xforce.iss.net/xforce/xfdb/94625";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.17;5;6;17;CVE-2014-4238;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68587   |   URL:http://www.securityfocus.com/bid/68587   |   XF:oracle-cpujul2014-cve20144238(94623)   |   URL:http://xforce.iss.net/xforce/xfdb/94623";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.17;5;6;17;CVE-2014-4240;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68602   |   URL:http://www.securityfocus.com/bid/68602   |   XF:oracle-cpujul2014-cve20144240(94626)   |   URL:http://xforce.iss.net/xforce/xfdb/94626";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.5.35;5;5;35;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68611   |   URL:http://www.securityfocus.com/bid/68611   |   XF:oracle-cpujul2014-cve20144243(94628)   |   URL:http://xforce.iss.net/xforce/xfdb/94628";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.15;5;6;15;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68611   |   URL:http://www.securityfocus.com/bid/68611   |   XF:oracle-cpujul2014-cve20144243(94628)   |   URL:http://xforce.iss.net/xforce/xfdb/94628";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.5.37;5;5;37;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2985   |   URL:http://www.debian.org/security/2014/dsa-2985   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68564   |   URL:http://www.securityfocus.com/bid/68564   |   XF:oracle-cpujul2014-cve20144258(94620)   |   URL:http://xforce.iss.net/xforce/xfdb/94620";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.17;5;6;17;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2985   |   URL:http://www.debian.org/security/2014/dsa-2985   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68564   |   URL:http://www.securityfocus.com/bid/68564   |   XF:oracle-cpujul2014-cve20144258(94620)   |   URL:http://xforce.iss.net/xforce/xfdb/94620";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.5.37;5;5;37;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2985   |   URL:http://www.debian.org/security/2014/dsa-2985   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68573   |   URL:http://www.securityfocus.com/bid/68573   |   XF:oracle-cpujul2014-cve20144260(94621)   |   URL:http://xforce.iss.net/xforce/xfdb/94621";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.17;5;6;17;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2985   |   URL:http://www.debian.org/security/2014/dsa-2985   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68573   |   URL:http://www.securityfocus.com/bid/68573   |   XF:oracle-cpujul2014-cve20144260(94621)   |   URL:http://xforce.iss.net/xforce/xfdb/94621";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:69732   |   URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:69732   |   URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70517   |   URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70517   |   URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70532   |   URL:http://www.securityfocus.com/bid/70532";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70532   |   URL:http://www.securityfocus.com/bid/70532";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70451   |   URL:http://www.securityfocus.com/bid/70451   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70451   |   URL:http://www.securityfocus.com/bid/70451   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70446   |   URL:http://www.securityfocus.com/bid/70446   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70446   |   URL:http://www.securityfocus.com/bid/70446   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6474;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70489   |   URL:http://www.securityfocus.com/bid/70489";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70489   |   URL:http://www.securityfocus.com/bid/70489";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70455   |   URL:http://www.securityfocus.com/bid/70455";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70455   |   URL:http://www.securityfocus.com/bid/70455";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6489;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   BID:70525   |   URL:http://www.securityfocus.com/bid/70525";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70444   |   URL:http://www.securityfocus.com/bid/70444   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70444   |   URL:http://www.securityfocus.com/bid/70444   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70497   |   URL:http://www.securityfocus.com/bid/70497   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70497   |   URL:http://www.securityfocus.com/bid/70497   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70496   |   URL:http://www.securityfocus.com/bid/70496";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70496   |   URL:http://www.securityfocus.com/bid/70496";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70469   |   URL:http://www.securityfocus.com/bid/70469   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70469   |   URL:http://www.securityfocus.com/bid/70469   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70478   |   URL:http://www.securityfocus.com/bid/70478   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70478   |   URL:http://www.securityfocus.com/bid/70478   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70516   |   URL:http://www.securityfocus.com/bid/70516";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70516   |   URL:http://www.securityfocus.com/bid/70516";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70550   |   URL:http://www.securityfocus.com/bid/70550   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70550   |   URL:http://www.securityfocus.com/bid/70550   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-6520;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70510   |   URL:http://www.securityfocus.com/bid/70510";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70486   |   URL:http://www.securityfocus.com/bid/70486";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70486   |   URL:http://www.securityfocus.com/bid/70486";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70462   |   URL:http://www.securityfocus.com/bid/70462";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   BID:70462   |   URL:http://www.securityfocus.com/bid/70462";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70530   |   URL:http://www.securityfocus.com/bid/70530   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70530   |   URL:http://www.securityfocus.com/bid/70530   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70487   |   URL:http://www.securityfocus.com/bid/70487   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   BID:70487   |   URL:http://www.securityfocus.com/bid/70487   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6564;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   BID:70511   |   URL:http://www.securityfocus.com/bid/70511";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.40;5;5;40;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72210   |   URL:http://www.securityfocus.com/bid/72210   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.21;5;6;21;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72210   |   URL:http://www.securityfocus.com/bid/72210   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.40;5;5;40;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72227   |   URL:http://www.securityfocus.com/bid/72227   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150374(100191)   |   URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.21;5;6;21;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72227   |   URL:http://www.securityfocus.com/bid/72227   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150374(100191)   |   URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.40;5;5;40;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72214   |   URL:http://www.securityfocus.com/bid/72214   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150381(100185)   |   URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.21;5;6;21;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72214   |   URL:http://www.securityfocus.com/bid/72214   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150381(100185)   |   URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.40;5;5;40;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72200   |   URL:http://www.securityfocus.com/bid/72200   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150382(100184)   |   URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.21;5;6;21;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72200   |   URL:http://www.securityfocus.com/bid/72200   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150382(100184)   |   URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.21;5;6;21;CVE-2015-0385;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   BID:72229   |   URL:http://www.securityfocus.com/bid/72229   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   XF:oracle-cpujan2015-cve20150385(100190)   |   URL:http://xforce.iss.net/xforce/xfdb/100190";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   BID:72205   |   URL:http://www.securityfocus.com/bid/72205   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150391(100186)   |   URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   BID:72205   |   URL:http://www.securityfocus.com/bid/72205   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150391(100186)   |   URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-0405;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.21;5;6;21;CVE-2015-0409;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:72223   |   URL:http://www.securityfocus.com/bid/72223   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   XF:oracle-cpujan2015-cve20150409(100188)   |   URL:http://xforce.iss.net/xforce/xfdb/100188";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.40;5;5;40;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150411(100183)   |   URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.21;5;6;21;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150411(100183)   |   URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-0423;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.40;5;5;40;CVE-2015-0432;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150432(100187)   |   URL:http://xforce.iss.net/xforce/xfdb/100187";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.41;5;5;41;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-0438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-0439;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-4756.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.41;5;5;41;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0498;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.42;5;5;42;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   BID:74081   |   URL:http://www.securityfocus.com/bid/74081";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.42;5;5;42;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0503;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.42;5;5;42;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0506;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2015-0508.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0508;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0506.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0511;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-2566;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-2567;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.5.41;5;5;41;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.5.42;5;5;42;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75751   |   URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75751   |   URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75762   |   URL:http://www.securityfocus.com/bid/75762";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75774   |   URL:http://www.securityfocus.com/bid/75774";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75837   |   URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75837   |   URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75760   |   URL:http://www.securityfocus.com/bid/75760";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75815   |   URL:http://www.securityfocus.com/bid/75815";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75830   |   URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75830   |   URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75822   |   URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75822   |   URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75813   |   URL:http://www.securityfocus.com/bid/75813";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.7.3;5;7;3;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade   |   URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded   |   MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/   |   MISC:http://www.ocert.org/advisories/ocert-2015-003.html   |   MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability   |   MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html   |   CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/   |   CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152   |   CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-7937   |   BID:74398   |   URL:http://www.securityfocus.com/bid/74398   |   SECTRACK:1032216   |   URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; | ||||
| 6.1.3;6;1;3;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade   |   URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded   |   MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/   |   MISC:http://www.ocert.org/advisories/ocert-2015-003.html   |   MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability   |   MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html   |   CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/   |   CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152   |   CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-7937   |   BID:74398   |   URL:http://www.securityfocus.com/bid/74398   |   SECTRACK:1032216   |   URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; | ||||
| 5.5.44;5;5;44;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade   |   URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded   |   MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/   |   MISC:http://www.ocert.org/advisories/ocert-2015-003.html   |   MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability   |   MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html   |   CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/   |   CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152   |   CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-7937   |   BID:74398   |   URL:http://www.securityfocus.com/bid/74398   |   SECTRACK:1032216   |   URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75802   |   URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75802   |   URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75849   |   URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75849   |   URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   BID:75785   |   URL:http://www.securityfocus.com/bid/75785";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75759   |   URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75759   |   URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4761;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75770   |   URL:http://www.securityfocus.com/bid/75770";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4766;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   BID:77232   |   URL:http://www.securityfocus.com/bid/77232";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75844   |   URL:http://www.securityfocus.com/bid/75844";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75753   |   URL:http://www.securityfocus.com/bid/75753";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75835   |   URL:http://www.securityfocus.com/bid/75835";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75781   |   URL:http://www.securityfocus.com/bid/75781";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4791;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   BID:77213   |   URL:http://www.securityfocus.com/bid/77213";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77171   |   URL:http://www.securityfocus.com/bid/77171";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77171   |   URL:http://www.securityfocus.com/bid/77171";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4800;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   BID:77216   |   URL:http://www.securityfocus.com/bid/77216";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77165   |   URL:http://www.securityfocus.com/bid/77165";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77165   |   URL:http://www.securityfocus.com/bid/77165";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77222   |   URL:http://www.securityfocus.com/bid/77222";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77222   |   URL:http://www.securityfocus.com/bid/77222";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.44;5;5;44;CVE-2015-4816;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   BID:77134   |   URL:http://www.securityfocus.com/bid/77134";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.44;5;5;44;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   BID:77196   |   URL:http://www.securityfocus.com/bid/77196";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   BID:77196   |   URL:http://www.securityfocus.com/bid/77196";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77237   |   URL:http://www.securityfocus.com/bid/77237";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77237   |   URL:http://www.securityfocus.com/bid/77237";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77228   |   URL:http://www.securityfocus.com/bid/77228";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77228   |   URL:http://www.securityfocus.com/bid/77228";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4833;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   BID:77170   |   URL:http://www.securityfocus.com/bid/77170";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77190   |   URL:http://www.securityfocus.com/bid/77190";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77190   |   URL:http://www.securityfocus.com/bid/77190";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77145   |   URL:http://www.securityfocus.com/bid/77145";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77145   |   URL:http://www.securityfocus.com/bid/77145";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77137   |   URL:http://www.securityfocus.com/bid/77137";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77137   |   URL:http://www.securityfocus.com/bid/77137";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4862;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   BID:77147   |   URL:http://www.securityfocus.com/bid/77147";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   BID:77187   |   URL:http://www.securityfocus.com/bid/77187";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   BID:77187   |   URL:http://www.securityfocus.com/bid/77187";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-4866;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   BID:77132   |   URL:http://www.securityfocus.com/bid/77132";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77208   |   URL:http://www.securityfocus.com/bid/77208";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77208   |   URL:http://www.securityfocus.com/bid/77208";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.44;5;5;44;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   BID:77140   |   URL:http://www.securityfocus.com/bid/77140";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   BID:77140   |   URL:http://www.securityfocus.com/bid/77140";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4890;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   BID:77231   |   URL:http://www.securityfocus.com/bid/77231";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4895;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   BID:77136   |   URL:http://www.securityfocus.com/bid/77136";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4904;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   BID:77219   |   URL:http://www.securityfocus.com/bid/77219";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-4905;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   BID:77143   |   URL:http://www.securityfocus.com/bid/77143";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4910;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   BID:77234   |   URL:http://www.securityfocus.com/bid/77234";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77153   |   URL:http://www.securityfocus.com/bid/77153";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   BID:77153   |   URL:http://www.securityfocus.com/bid/77153";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.28;5;6;28;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2016:0379   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; | ||||
| 2.17.1;2;17;1;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2016:0379   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; | ||||
| 10.0.22;10;0;22;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2016:0379   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; | ||||
| 2.21.2;2;21;2;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2016:0379   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; | ||||
| 5.4.43;5;4;43;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4   |   CONFIRM:http://php.net/ChangeLog-5.php   |   CONFIRM:https://bugs.php.net/bug.php?id=69669";Assigned (20160331);"None (candidate not yet proposed)"; | ||||
| 5.5.27;5;5;27;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4   |   CONFIRM:http://php.net/ChangeLog-5.php   |   CONFIRM:https://bugs.php.net/bug.php?id=69669";Assigned (20160331);"None (candidate not yet proposed)"; | ||||
| 5.6.11;5;6;11;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4   |   CONFIRM:http://php.net/ChangeLog-5.php   |   CONFIRM:https://bugs.php.net/bug.php?id=69669";Assigned (20160331);"None (candidate not yet proposed)"; | ||||
| 5.5.46;5;5;46;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1   |   BID:81066   |   URL:http://www.securityfocus.com/bid/81066";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 5.6.27;5;6;27;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1   |   BID:81066   |   URL:http://www.securityfocus.com/bid/81066";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 5.7.9;5;7;9;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1   |   BID:81066   |   URL:http://www.securityfocus.com/bid/81066";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 5.5.47;5;5;47;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1   |   BID:81066   |   URL:http://www.securityfocus.com/bid/81066";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 10.0.23;10;0;23;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1   |   BID:81066   |   URL:http://www.securityfocus.com/bid/81066";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 10.1.10;10;1;10;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1   |   BID:81066   |   URL:http://www.securityfocus.com/bid/81066";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   BID:81810   |   URL:http://www.securityfocus.com/bid/81810";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 10.0.23;10;0;23;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   BID:81810   |   URL:http://www.securityfocus.com/bid/81810";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 10.1.10;10;1;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   BID:81810   |   URL:http://www.securityfocus.com/bid/81810";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 5.5.48;5;5;48;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   BID:81810   |   URL:http://www.securityfocus.com/bid/81810";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 5.6.29;5;6;29;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   BID:81810   |   URL:http://www.securityfocus.com/bid/81810";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 5.7.11;5;7;11;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   BID:81810   |   URL:http://www.securityfocus.com/bid/81810";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 5.6.17;5;6;17;CVE-2014-2484;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRFTS.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   SECTRACK:1030578   |   URL:http://www.securitytracker.com/id/1030578   |   SECUNIA:60425   |   URL:http://secunia.com/advisories/60425";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.5.37;5;5;37;CVE-2014-2494;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2985   |   URL:http://www.debian.org/security/2014/dsa-2985   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   SECTRACK:1030578   |   URL:http://www.securitytracker.com/id/1030578   |   SECUNIA:60425   |   URL:http://secunia.com/advisories/60425";Assigned (20140313);"None (candidate not yet proposed)"; | ||||
| 5.5.37;5;5;37;CVE-2014-4207;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2985   |   URL:http://www.debian.org/security/2014/dsa-2985   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:68593   |   URL:http://www.securityfocus.com/bid/68593   |   SECTRACK:1030578   |   URL:http://www.securitytracker.com/id/1030578   |   SECUNIA:60425   |   URL:http://secunia.com/advisories/60425   |   XF:oracle-cpujul2014-cve20144207(94624)   |   URL:http://xforce.iss.net/xforce/xfdb/94624";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.17;5;6;17;CVE-2014-4214;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68607   |   URL:http://www.securityfocus.com/bid/68607   |   SECTRACK:1030578   |   URL:http://www.securitytracker.com/id/1030578   |   SECUNIA:60425   |   URL:http://secunia.com/advisories/60425   |   XF:oracle-cpujul2014-cve20144214(94627)   |   URL:http://xforce.iss.net/xforce/xfdb/94627";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.17;5;6;17;CVE-2014-4233;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68598   |   URL:http://www.securityfocus.com/bid/68598   |   SECTRACK:1030578   |   URL:http://www.securitytracker.com/id/1030578   |   SECUNIA:60425   |   URL:http://secunia.com/advisories/60425   |   XF:oracle-cpujul2014-cve20144233(94625)   |   URL:http://xforce.iss.net/xforce/xfdb/94625";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.17;5;6;17;CVE-2014-4238;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68587   |   URL:http://www.securityfocus.com/bid/68587   |   SECTRACK:1030578   |   URL:http://www.securitytracker.com/id/1030578   |   SECUNIA:60425   |   URL:http://secunia.com/advisories/60425   |   XF:oracle-cpujul2014-cve20144238(94623)   |   URL:http://xforce.iss.net/xforce/xfdb/94623";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.17;5;6;17;CVE-2014-4240;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68602   |   URL:http://www.securityfocus.com/bid/68602   |   SECTRACK:1030578   |   URL:http://www.securitytracker.com/id/1030578   |   SECUNIA:60425   |   URL:http://secunia.com/advisories/60425   |   XF:oracle-cpujul2014-cve20144240(94626)   |   URL:http://xforce.iss.net/xforce/xfdb/94626";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.5.35;5;5;35;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68611   |   URL:http://www.securityfocus.com/bid/68611   |   SECTRACK:1030578   |   URL:http://www.securitytracker.com/id/1030578   |   SECUNIA:60425   |   URL:http://secunia.com/advisories/60425   |   XF:oracle-cpujul2014-cve20144243(94628)   |   URL:http://xforce.iss.net/xforce/xfdb/94628";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.15;5;6;15;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   BID:68611   |   URL:http://www.securityfocus.com/bid/68611   |   SECTRACK:1030578   |   URL:http://www.securitytracker.com/id/1030578   |   SECUNIA:60425   |   URL:http://secunia.com/advisories/60425   |   XF:oracle-cpujul2014-cve20144243(94628)   |   URL:http://xforce.iss.net/xforce/xfdb/94628";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.5.37;5;5;37;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2985   |   URL:http://www.debian.org/security/2014/dsa-2985   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:68564   |   URL:http://www.securityfocus.com/bid/68564   |   SECTRACK:1030578   |   URL:http://www.securitytracker.com/id/1030578   |   SECUNIA:60425   |   URL:http://secunia.com/advisories/60425   |   XF:oracle-cpujul2014-cve20144258(94620)   |   URL:http://xforce.iss.net/xforce/xfdb/94620";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.17;5;6;17;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2985   |   URL:http://www.debian.org/security/2014/dsa-2985   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:68564   |   URL:http://www.securityfocus.com/bid/68564   |   SECTRACK:1030578   |   URL:http://www.securitytracker.com/id/1030578   |   SECUNIA:60425   |   URL:http://secunia.com/advisories/60425   |   XF:oracle-cpujul2014-cve20144258(94620)   |   URL:http://xforce.iss.net/xforce/xfdb/94620";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.5.37;5;5;37;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2985   |   URL:http://www.debian.org/security/2014/dsa-2985   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:68573   |   URL:http://www.securityfocus.com/bid/68573   |   SECTRACK:1030578   |   URL:http://www.securitytracker.com/id/1030578   |   SECUNIA:60425   |   URL:http://secunia.com/advisories/60425   |   XF:oracle-cpujul2014-cve20144260(94621)   |   URL:http://xforce.iss.net/xforce/xfdb/94621";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.17;5;6;17;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded   |   FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities   |   URL:http://seclists.org/fulldisclosure/2014/Dec/23   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   |   CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-2985   |   URL:http://www.debian.org/security/2014/dsa-2985   |   SUSE:SUSE-SU-2014:1072   |   URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:68573   |   URL:http://www.securityfocus.com/bid/68573   |   SECTRACK:1030578   |   URL:http://www.securitytracker.com/id/1030578   |   SECUNIA:60425   |   URL:http://secunia.com/advisories/60425   |   XF:oracle-cpujul2014-cve20144260(94621)   |   URL:http://xforce.iss.net/xforce/xfdb/94621";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:69732   |   URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:69732   |   URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70517   |   URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70517   |   URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70532   |   URL:http://www.securityfocus.com/bid/70532";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70532   |   URL:http://www.securityfocus.com/bid/70532";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70451   |   URL:http://www.securityfocus.com/bid/70451   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70451   |   URL:http://www.securityfocus.com/bid/70451   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70446   |   URL:http://www.securityfocus.com/bid/70446   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70446   |   URL:http://www.securityfocus.com/bid/70446   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6474;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70489   |   URL:http://www.securityfocus.com/bid/70489";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70489   |   URL:http://www.securityfocus.com/bid/70489";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70455   |   URL:http://www.securityfocus.com/bid/70455";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70455   |   URL:http://www.securityfocus.com/bid/70455";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6489;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70525   |   URL:http://www.securityfocus.com/bid/70525";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70444   |   URL:http://www.securityfocus.com/bid/70444   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70444   |   URL:http://www.securityfocus.com/bid/70444   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70497   |   URL:http://www.securityfocus.com/bid/70497   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70497   |   URL:http://www.securityfocus.com/bid/70497   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70496   |   URL:http://www.securityfocus.com/bid/70496";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70496   |   URL:http://www.securityfocus.com/bid/70496";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70469   |   URL:http://www.securityfocus.com/bid/70469   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70469   |   URL:http://www.securityfocus.com/bid/70469   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70478   |   URL:http://www.securityfocus.com/bid/70478   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70478   |   URL:http://www.securityfocus.com/bid/70478   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70516   |   URL:http://www.securityfocus.com/bid/70516";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70516   |   URL:http://www.securityfocus.com/bid/70516";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70550   |   URL:http://www.securityfocus.com/bid/70550   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70550   |   URL:http://www.securityfocus.com/bid/70550   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-6520;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70510   |   URL:http://www.securityfocus.com/bid/70510";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70486   |   URL:http://www.securityfocus.com/bid/70486";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70486   |   URL:http://www.securityfocus.com/bid/70486";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70462   |   URL:http://www.securityfocus.com/bid/70462";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70462   |   URL:http://www.securityfocus.com/bid/70462";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70530   |   URL:http://www.securityfocus.com/bid/70530   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70530   |   URL:http://www.securityfocus.com/bid/70530   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.39;5;5;39;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70487   |   URL:http://www.securityfocus.com/bid/70487   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.20;5;6;20;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   GENTOO:GLSA-201411-02   |   URL:http://security.gentoo.org/glsa/glsa-201411-02.xml   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70487   |   URL:http://www.securityfocus.com/bid/70487   |   SECUNIA:61579   |   URL:http://secunia.com/advisories/61579   |   SECUNIA:62073   |   URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2014-6564;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:70511   |   URL:http://www.securityfocus.com/bid/70511";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.40;5;5;40;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   GENTOO:GLSA-201504-05   |   URL:https://security.gentoo.org/glsa/201504-05   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72210   |   URL:http://www.securityfocus.com/bid/72210   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.6.21;5;6;21;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   GENTOO:GLSA-201504-05   |   URL:https://security.gentoo.org/glsa/201504-05   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72210   |   URL:http://www.securityfocus.com/bid/72210   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; | ||||
| 5.5.40;5;5;40;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   GENTOO:GLSA-201504-05   |   URL:https://security.gentoo.org/glsa/201504-05   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72227   |   URL:http://www.securityfocus.com/bid/72227   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150374(100191)   |   URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.21;5;6;21;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   GENTOO:GLSA-201504-05   |   URL:https://security.gentoo.org/glsa/201504-05   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72227   |   URL:http://www.securityfocus.com/bid/72227   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150374(100191)   |   URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.40;5;5;40;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   GENTOO:GLSA-201504-05   |   URL:https://security.gentoo.org/glsa/201504-05   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72214   |   URL:http://www.securityfocus.com/bid/72214   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150381(100185)   |   URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.21;5;6;21;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   GENTOO:GLSA-201504-05   |   URL:https://security.gentoo.org/glsa/201504-05   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72214   |   URL:http://www.securityfocus.com/bid/72214   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150381(100185)   |   URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.40;5;5;40;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   GENTOO:GLSA-201504-05   |   URL:https://security.gentoo.org/glsa/201504-05   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72200   |   URL:http://www.securityfocus.com/bid/72200   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150382(100184)   |   URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.21;5;6;21;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   GENTOO:GLSA-201504-05   |   URL:https://security.gentoo.org/glsa/201504-05   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72200   |   URL:http://www.securityfocus.com/bid/72200   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150382(100184)   |   URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.21;5;6;21;CVE-2015-0385;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   GENTOO:GLSA-201504-05   |   URL:https://security.gentoo.org/glsa/201504-05   |   BID:72229   |   URL:http://www.securityfocus.com/bid/72229   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   XF:oracle-cpujan2015-cve20150385(100190)   |   URL:http://xforce.iss.net/xforce/xfdb/100190";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.38;5;5;38;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   GENTOO:GLSA-201504-05   |   URL:https://security.gentoo.org/glsa/201504-05   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:72205   |   URL:http://www.securityfocus.com/bid/72205   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150391(100186)   |   URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.19;5;6;19;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   GENTOO:GLSA-201504-05   |   URL:https://security.gentoo.org/glsa/201504-05   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   BID:72205   |   URL:http://www.securityfocus.com/bid/72205   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150391(100186)   |   URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-0405;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.21;5;6;21;CVE-2015-0409;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201504-05   |   URL:https://security.gentoo.org/glsa/201504-05   |   BID:72223   |   URL:http://www.securityfocus.com/bid/72223   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   XF:oracle-cpujan2015-cve20150409(100188)   |   URL:http://xforce.iss.net/xforce/xfdb/100188";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.40;5;5;40;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   GENTOO:GLSA-201504-05   |   URL:https://security.gentoo.org/glsa/201504-05   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72191   |   URL:http://www.securityfocus.com/bid/72191   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150411(100183)   |   URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.21;5;6;21;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   GENTOO:GLSA-201504-05   |   URL:https://security.gentoo.org/glsa/201504-05   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72191   |   URL:http://www.securityfocus.com/bid/72191   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150411(100183)   |   URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-0423;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.40;5;5;40;CVE-2015-0432;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3135   |   URL:http://www.debian.org/security/2015/dsa-3135   |   FEDORA:FEDORA-2015-1162   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html   |   GENTOO:GLSA-201504-05   |   URL:https://security.gentoo.org/glsa/201504-05   |   REDHAT:RHSA-2015:0116   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html   |   REDHAT:RHSA-2015:0117   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html   |   REDHAT:RHSA-2015:0118   |   URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0743   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html   |   UBUNTU:USN-2480-1   |   URL:http://www.ubuntu.com/usn/USN-2480-1   |   BID:72217   |   URL:http://www.securityfocus.com/bid/72217   |   SECTRACK:1031581   |   URL:http://www.securitytracker.com/id/1031581   |   SECUNIA:62728   |   URL:http://secunia.com/advisories/62728   |   SECUNIA:62730   |   URL:http://secunia.com/advisories/62730   |   SECUNIA:62732   |   URL:http://secunia.com/advisories/62732   |   XF:oracle-cpujan2015-cve20150432(100187)   |   URL:http://xforce.iss.net/xforce/xfdb/100187";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.41;5;5;41;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-0438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-0439;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-4756.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   BID:74085   |   URL:http://www.securityfocus.com/bid/74085   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.41;5;5;41;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0498;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.42;5;5;42;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   BID:74081   |   URL:http://www.securityfocus.com/bid/74081   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.42;5;5;42;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0503;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.5.42;5;5;42;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   BID:74112   |   URL:http://www.securityfocus.com/bid/74112   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   BID:74112   |   URL:http://www.securityfocus.com/bid/74112   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0506;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2015-0508.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0508;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0506.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-0511;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-2566;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-2567;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.5.41;5;5;41;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   BID:74073   |   URL:http://www.securityfocus.com/bid/74073   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   BID:74073   |   URL:http://www.securityfocus.com/bid/74073   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.5.42;5;5;42;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   BID:74095   |   URL:http://www.securityfocus.com/bid/74095   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   BID:74095   |   URL:http://www.securityfocus.com/bid/74095   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   BID:74078   |   URL:http://www.securityfocus.com/bid/74078   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   BID:74078   |   URL:http://www.securityfocus.com/bid/74078   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75751   |   URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75751   |   URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75762   |   URL:http://www.securityfocus.com/bid/75762";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75774   |   URL:http://www.securityfocus.com/bid/75774";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75837   |   URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75837   |   URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75760   |   URL:http://www.securityfocus.com/bid/75760";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75815   |   URL:http://www.securityfocus.com/bid/75815";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75830   |   URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75830   |   URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75822   |   URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75822   |   URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75813   |   URL:http://www.securityfocus.com/bid/75813";Assigned (20150320);"None (candidate not yet proposed)"; | ||||
| 5.7.2;5;7;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade   |   URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded   |   MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/   |   MISC:http://www.ocert.org/advisories/ocert-2015-003.html   |   MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability   |   MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html   |   CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/   |   CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152   |   CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-7937   |   FEDORA:FEDORA-2015-10831   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html   |   FEDORA:FEDORA-2015-10849   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html   |   BID:74398   |   URL:http://www.securityfocus.com/bid/74398   |   SECTRACK:1032216   |   URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; | ||||
| 6.1.2;6;1;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade   |   URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded   |   MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/   |   MISC:http://www.ocert.org/advisories/ocert-2015-003.html   |   MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability   |   MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html   |   CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/   |   CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152   |   CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-7937   |   FEDORA:FEDORA-2015-10831   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html   |   FEDORA:FEDORA-2015-10849   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html   |   BID:74398   |   URL:http://www.securityfocus.com/bid/74398   |   SECTRACK:1032216   |   URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade   |   URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded   |   MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/   |   MISC:http://www.ocert.org/advisories/ocert-2015-003.html   |   MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability   |   MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html   |   CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/   |   CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152   |   CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-7937   |   FEDORA:FEDORA-2015-10831   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html   |   FEDORA:FEDORA-2015-10849   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html   |   BID:74398   |   URL:http://www.securityfocus.com/bid/74398   |   SECTRACK:1032216   |   URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75802   |   URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75802   |   URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75849   |   URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75849   |   URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   BID:75785   |   URL:http://www.securityfocus.com/bid/75785";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75759   |   URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75759   |   URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4761;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75770   |   URL:http://www.securityfocus.com/bid/75770";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4766;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77232   |   URL:http://www.securityfocus.com/bid/77232   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75844   |   URL:http://www.securityfocus.com/bid/75844";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75753   |   URL:http://www.securityfocus.com/bid/75753";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75835   |   URL:http://www.securityfocus.com/bid/75835";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75781   |   URL:http://www.securityfocus.com/bid/75781";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4791;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   BID:77213   |   URL:http://www.securityfocus.com/bid/77213   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77171   |   URL:http://www.securityfocus.com/bid/77171   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77171   |   URL:http://www.securityfocus.com/bid/77171   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4800;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77216   |   URL:http://www.securityfocus.com/bid/77216   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77165   |   URL:http://www.securityfocus.com/bid/77165   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77165   |   URL:http://www.securityfocus.com/bid/77165   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77222   |   URL:http://www.securityfocus.com/bid/77222   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77222   |   URL:http://www.securityfocus.com/bid/77222   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.44;5;5;44;CVE-2015-4816;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77134   |   URL:http://www.securityfocus.com/bid/77134   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.44;5;5;44;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77196   |   URL:http://www.securityfocus.com/bid/77196   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77196   |   URL:http://www.securityfocus.com/bid/77196   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77237   |   URL:http://www.securityfocus.com/bid/77237   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77237   |   URL:http://www.securityfocus.com/bid/77237   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77228   |   URL:http://www.securityfocus.com/bid/77228   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77228   |   URL:http://www.securityfocus.com/bid/77228   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4833;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77170   |   URL:http://www.securityfocus.com/bid/77170   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77190   |   URL:http://www.securityfocus.com/bid/77190   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77190   |   URL:http://www.securityfocus.com/bid/77190   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77145   |   URL:http://www.securityfocus.com/bid/77145   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77145   |   URL:http://www.securityfocus.com/bid/77145   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77137   |   URL:http://www.securityfocus.com/bid/77137   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77137   |   URL:http://www.securityfocus.com/bid/77137   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4862;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77147   |   URL:http://www.securityfocus.com/bid/77147   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.43;5;5;43;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77187   |   URL:http://www.securityfocus.com/bid/77187   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.24;5;6;24;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77187   |   URL:http://www.securityfocus.com/bid/77187   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-4866;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77132   |   URL:http://www.securityfocus.com/bid/77132   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77208   |   URL:http://www.securityfocus.com/bid/77208   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77208   |   URL:http://www.securityfocus.com/bid/77208   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.44;5;5;44;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77140   |   URL:http://www.securityfocus.com/bid/77140   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77140   |   URL:http://www.securityfocus.com/bid/77140   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4890;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77231   |   URL:http://www.securityfocus.com/bid/77231   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4895;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77136   |   URL:http://www.securityfocus.com/bid/77136   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2015-4904;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77219   |   URL:http://www.securityfocus.com/bid/77219   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.23;5;6;23;CVE-2015-4905;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   BID:77143   |   URL:http://www.securityfocus.com/bid/77143   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4910;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77234   |   URL:http://www.securityfocus.com/bid/77234   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77153   |   URL:http://www.securityfocus.com/bid/77153   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77153   |   URL:http://www.securityfocus.com/bid/77153   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||
| 5.6.27;5;6;27;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2016:0379   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; | ||||
| 2.17.0;2;17;0;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2016:0379   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; | ||||
| 10.0.21;10;0;21;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2016:0379   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; | ||||
| 2.21.1;2;21;1;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2016:0379   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; | ||||
| 5.4.42;5;4;42;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4   |   CONFIRM:http://php.net/ChangeLog-5.php   |   CONFIRM:https://bugs.php.net/bug.php?id=69669   |   SUSE:SUSE-SU-2016:1145   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html   |   SUSE:SUSE-SU-2016:1166   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html   |   SUSE:openSUSE-SU-2016:1167   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html   |   SUSE:openSUSE-SU-2016:1173   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html   |   UBUNTU:USN-2952-1   |   URL:http://www.ubuntu.com/usn/USN-2952-1   |   UBUNTU:USN-2952-2   |   URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; | ||||
| 5.5.26;5;5;26;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4   |   CONFIRM:http://php.net/ChangeLog-5.php   |   CONFIRM:https://bugs.php.net/bug.php?id=69669   |   SUSE:SUSE-SU-2016:1145   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html   |   SUSE:SUSE-SU-2016:1166   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html   |   SUSE:openSUSE-SU-2016:1167   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html   |   SUSE:openSUSE-SU-2016:1173   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html   |   UBUNTU:USN-2952-1   |   URL:http://www.ubuntu.com/usn/USN-2952-1   |   UBUNTU:USN-2952-2   |   URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; | ||||
| 5.6.10;5;6;10;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4   |   CONFIRM:http://php.net/ChangeLog-5.php   |   CONFIRM:https://bugs.php.net/bug.php?id=69669   |   SUSE:SUSE-SU-2016:1145   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html   |   SUSE:SUSE-SU-2016:1166   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html   |   SUSE:openSUSE-SU-2016:1167   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html   |   SUSE:openSUSE-SU-2016:1173   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html   |   UBUNTU:USN-2952-1   |   URL:http://www.ubuntu.com/usn/USN-2952-1   |   UBUNTU:USN-2952-2   |   URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   DEBIAN:DSA-3459   |   URL:http://www.debian.org/security/2016/dsa-3459   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   SUSE:SUSE-SU-2016:1619   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html   |   SUSE:SUSE-SU-2016:1620   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html   |   SUSE:openSUSE-SU-2016:1664   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html   |   SUSE:openSUSE-SU-2016:0377   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1   |   BID:81066   |   URL:http://www.securityfocus.com/bid/81066   |   SECTRACK:1034708   |   URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   DEBIAN:DSA-3459   |   URL:http://www.debian.org/security/2016/dsa-3459   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   SUSE:SUSE-SU-2016:1619   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html   |   SUSE:SUSE-SU-2016:1620   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html   |   SUSE:openSUSE-SU-2016:1664   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html   |   SUSE:openSUSE-SU-2016:0377   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1   |   BID:81066   |   URL:http://www.securityfocus.com/bid/81066   |   SECTRACK:1034708   |   URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 5.7.8;5;7;8;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   DEBIAN:DSA-3459   |   URL:http://www.debian.org/security/2016/dsa-3459   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   SUSE:SUSE-SU-2016:1619   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html   |   SUSE:SUSE-SU-2016:1620   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html   |   SUSE:openSUSE-SU-2016:1664   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html   |   SUSE:openSUSE-SU-2016:0377   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1   |   BID:81066   |   URL:http://www.securityfocus.com/bid/81066   |   SECTRACK:1034708   |   URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 5.5.46;5;5;46;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   DEBIAN:DSA-3459   |   URL:http://www.debian.org/security/2016/dsa-3459   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   SUSE:SUSE-SU-2016:1619   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html   |   SUSE:SUSE-SU-2016:1620   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html   |   SUSE:openSUSE-SU-2016:1664   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html   |   SUSE:openSUSE-SU-2016:0377   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1   |   BID:81066   |   URL:http://www.securityfocus.com/bid/81066   |   SECTRACK:1034708   |   URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 10.0.22;10;0;22;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   DEBIAN:DSA-3459   |   URL:http://www.debian.org/security/2016/dsa-3459   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   SUSE:SUSE-SU-2016:1619   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html   |   SUSE:SUSE-SU-2016:1620   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html   |   SUSE:openSUSE-SU-2016:1664   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html   |   SUSE:openSUSE-SU-2016:0377   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1   |   BID:81066   |   URL:http://www.securityfocus.com/bid/81066   |   SECTRACK:1034708   |   URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 10.1.9;10;1;9;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html   |   CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   DEBIAN:DSA-3459   |   URL:http://www.debian.org/security/2016/dsa-3459   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:0367   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   SUSE:SUSE-SU-2016:1619   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html   |   SUSE:SUSE-SU-2016:1620   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html   |   SUSE:openSUSE-SU-2016:1664   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html   |   SUSE:openSUSE-SU-2016:0377   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html   |   UBUNTU:USN-2881-1   |   URL:http://www.ubuntu.com/usn/USN-2881-1   |   BID:81066   |   URL:http://www.securityfocus.com/bid/81066   |   SECTRACK:1034708   |   URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; | ||||
| 5.5.46;5;5;46;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   DEBIAN:DSA-3557   |   URL:http://www.debian.org/security/2016/dsa-3557   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   SUSE:SUSE-SU-2016:1619   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html   |   SUSE:SUSE-SU-2016:1620   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html   |   SUSE:openSUSE-SU-2016:1664   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html   |   SUSE:SUSE-SU-2016:1279   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html   |   SUSE:openSUSE-SU-2016:1332   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html   |   UBUNTU:USN-2953-1   |   URL:http://www.ubuntu.com/usn/USN-2953-1   |   UBUNTU:USN-2954-1   |   URL:http://www.ubuntu.com/usn/USN-2954-1   |   BID:81810   |   URL:http://www.securityfocus.com/bid/81810   |   SECTRACK:1035606   |   URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 10.0.22;10;0;22;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   DEBIAN:DSA-3557   |   URL:http://www.debian.org/security/2016/dsa-3557   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   SUSE:SUSE-SU-2016:1619   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html   |   SUSE:SUSE-SU-2016:1620   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html   |   SUSE:openSUSE-SU-2016:1664   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html   |   SUSE:SUSE-SU-2016:1279   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html   |   SUSE:openSUSE-SU-2016:1332   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html   |   UBUNTU:USN-2953-1   |   URL:http://www.ubuntu.com/usn/USN-2953-1   |   UBUNTU:USN-2954-1   |   URL:http://www.ubuntu.com/usn/USN-2954-1   |   BID:81810   |   URL:http://www.securityfocus.com/bid/81810   |   SECTRACK:1035606   |   URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 10.1.9;10;1;9;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   DEBIAN:DSA-3557   |   URL:http://www.debian.org/security/2016/dsa-3557   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   SUSE:SUSE-SU-2016:1619   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html   |   SUSE:SUSE-SU-2016:1620   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html   |   SUSE:openSUSE-SU-2016:1664   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html   |   SUSE:SUSE-SU-2016:1279   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html   |   SUSE:openSUSE-SU-2016:1332   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html   |   UBUNTU:USN-2953-1   |   URL:http://www.ubuntu.com/usn/USN-2953-1   |   UBUNTU:USN-2954-1   |   URL:http://www.ubuntu.com/usn/USN-2954-1   |   BID:81810   |   URL:http://www.securityfocus.com/bid/81810   |   SECTRACK:1035606   |   URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   DEBIAN:DSA-3557   |   URL:http://www.debian.org/security/2016/dsa-3557   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   SUSE:SUSE-SU-2016:1619   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html   |   SUSE:SUSE-SU-2016:1620   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html   |   SUSE:openSUSE-SU-2016:1664   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html   |   SUSE:SUSE-SU-2016:1279   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html   |   SUSE:openSUSE-SU-2016:1332   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html   |   UBUNTU:USN-2953-1   |   URL:http://www.ubuntu.com/usn/USN-2953-1   |   UBUNTU:USN-2954-1   |   URL:http://www.ubuntu.com/usn/USN-2954-1   |   BID:81810   |   URL:http://www.securityfocus.com/bid/81810   |   SECTRACK:1035606   |   URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 5.6.28;5;6;28;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   DEBIAN:DSA-3557   |   URL:http://www.debian.org/security/2016/dsa-3557   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   SUSE:SUSE-SU-2016:1619   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html   |   SUSE:SUSE-SU-2016:1620   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html   |   SUSE:openSUSE-SU-2016:1664   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html   |   SUSE:SUSE-SU-2016:1279   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html   |   SUSE:openSUSE-SU-2016:1332   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html   |   UBUNTU:USN-2953-1   |   URL:http://www.ubuntu.com/usn/USN-2953-1   |   UBUNTU:USN-2954-1   |   URL:http://www.ubuntu.com/usn/USN-2954-1   |   BID:81810   |   URL:http://www.securityfocus.com/bid/81810   |   SECTRACK:1035606   |   URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 5.7.10;5;7;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation   |   URL:http://www.openwall.com/lists/oss-security/2016/01/26/3   |   CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3453   |   URL:http://www.debian.org/security/2016/dsa-3453   |   DEBIAN:DSA-3557   |   URL:http://www.debian.org/security/2016/dsa-3557   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:openSUSE-SU-2016:1686   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html   |   SUSE:SUSE-SU-2016:1619   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html   |   SUSE:SUSE-SU-2016:1620   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html   |   SUSE:openSUSE-SU-2016:1664   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html   |   SUSE:SUSE-SU-2016:1279   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html   |   SUSE:openSUSE-SU-2016:1332   |   URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html   |   UBUNTU:USN-2953-1   |   URL:http://www.ubuntu.com/usn/USN-2953-1   |   UBUNTU:USN-2954-1   |   URL:http://www.ubuntu.com/usn/USN-2954-1   |   BID:81810   |   URL:http://www.securityfocus.com/bid/81810   |   SECTRACK:1035606   |   URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-3424;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91976   |   URL:http://www.securityfocus.com/bid/91976";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.11;5;7;11;CVE-2016-3440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91910   |   URL:http://www.securityfocus.com/bid/91910";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.5.47;5;5;47;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91999   |   URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.6.28;5;6;28;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91999   |   URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.9;5;7;9;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91999   |   URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.5.48;5;5;48;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91999   |   URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.6.29;5;6;29;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91999   |   URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.10;5;7;10;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91999   |   URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.5.49;5;5;49;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91999   |   URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.0.25;10;0;25;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91999   |   URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.1.14;10;1;14;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91999   |   URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.6.30;5;6;30;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91943   |   URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91943   |   URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.0.25;10;0;25;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91943   |   URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.1.14;10;1;14;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91943   |   URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 3.0.25;3;0;25;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 3.1.2;3;1;2;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.0.24;10;0;24;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91999   |   URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.1.13;10;1;13;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91999   |   URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.6.29;5;6;29;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91943   |   URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.11;5;7;11;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91943   |   URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.0.24;10;0;24;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91943   |   URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.1.13;10;1;13;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91943   |   URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 3.0.25;3;0;25;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   SECTRACK:1035606   |   URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 3.1.2;3;1;2;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html   |   SECTRACK:1035606   |   URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.5.45;5;5;45;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91913   |   URL:http://www.securityfocus.com/bid/91913";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91913   |   URL:http://www.securityfocus.com/bid/91913";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.5.48;5;5;48;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91902   |   URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.6.29;5;6;29;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91902   |   URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.11;5;7;11;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91902   |   URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.5.49;5;5;49;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91902   |   URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.6.30;5;6;30;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91902   |   URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91902   |   URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.5.50;5;5;50;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91902   |   URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.0.26;10;0;26;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91902   |   URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.1.15;10;1;15;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91902   |   URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.0.25;10;0;25;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91902   |   URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.1.14;10;1;14;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91902   |   URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.6.30;5;6;30;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91980   |   URL:http://www.securityfocus.com/bid/91980";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91980   |   URL:http://www.securityfocus.com/bid/91980";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.5.51;5;5;51;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93650   |   URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.6.32;5;6;32;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93650   |   URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93650   |   URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-3495;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93670   |   URL:http://www.securityfocus.com/bid/93670";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.5.51;5;5;51;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93650   |   URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.6.32;5;6;32;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93650   |   URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93650   |   URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-3495;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93670   |   URL:http://www.securityfocus.com/bid/93670";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.6.30;5;6;30;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91949   |   URL:http://www.securityfocus.com/bid/91949";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91949   |   URL:http://www.securityfocus.com/bid/91949";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-3518;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91967   |   URL:http://www.securityfocus.com/bid/91967";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.5.48;5;5;48;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91932   |   URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.6.29;5;6;29;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91932   |   URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.11;5;7;11;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91932   |   URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.5.49;5;5;49;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91932   |   URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.6.30;5;6;30;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91932   |   URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91932   |   URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.5.50;5;5;50;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91932   |   URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.0.26;10;0;26;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91932   |   URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.1.15;10;1;15;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91932   |   URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.0.25;10;0;25;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91932   |   URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.1.14;10;1;14;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91932   |   URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-3588;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91983   |   URL:http://www.securityfocus.com/bid/91983";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.6.30;5;6;30;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91992   |   URL:http://www.securityfocus.com/bid/91992";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91992   |   URL:http://www.securityfocus.com/bid/91992";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.5.48;5;5;48;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91960   |   URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.6.29;5;6;29;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91960   |   URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.11;5;7;11;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91960   |   URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.5.49;5;5;49;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91960   |   URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.6.30;5;6;30;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91960   |   URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91960   |   URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.5.50;5;5;50;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91960   |   URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.0.26;10;0;26;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91960   |   URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.1.15;10;1;15;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91960   |   URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.0.25;10;0;25;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91960   |   URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 10.1.14;10;1;14;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91960   |   URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-5436;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91906   |   URL:http://www.securityfocus.com/bid/91906";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-5437;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91917   |   URL:http://www.securityfocus.com/bid/91917";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.30;5;6;30;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91969   |   URL:http://www.securityfocus.com/bid/91969";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91969   |   URL:http://www.securityfocus.com/bid/91969";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.5.48;5;5;48;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91953   |   URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.29;5;6;29;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91953   |   URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.11;5;7;11;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91953   |   URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.5.49;5;5;49;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91953   |   URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.30;5;6;30;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91953   |   URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91953   |   URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.5.50;5;5;50;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91953   |   URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 10.0.26;10;0;26;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91953   |   URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 10.1.15;10;1;15;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91953   |   URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 10.0.25;10;0;25;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91953   |   URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 10.1.14;10;1;14;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   DEBIAN:DSA-3624   |   URL:http://www.debian.org/security/2016/dsa-3624   |   DEBIAN:DSA-3632   |   URL:http://www.debian.org/security/2016/dsa-3632   |   REDHAT:RHSA-2016:1601   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   REDHAT:RHSA-2016:1603   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html   |   REDHAT:RHSA-2016:1604   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html   |   REDHAT:RHSA-2016:1637   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html   |   SUSE:openSUSE-SU-2016:2278   |   URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91953   |   URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-5441;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91915   |   URL:http://www.securityfocus.com/bid/91915";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-5442;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91974   |   URL:http://www.securityfocus.com/bid/91974";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-5443;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   UBUNTU:USN-3040-1   |   URL:http://www.ubuntu.com/usn/USN-3040-1   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91963   |   URL:http://www.securityfocus.com/bid/91963";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.5.47;5;5;47;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91987   |   URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.28;5;6;28;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91987   |   URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.10;5;7;10;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91987   |   URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.5.48;5;5;48;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91987   |   URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.29;5;6;29;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91987   |   URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.11;5;7;11;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91987   |   URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.5.49;5;5;49;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91987   |   URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 10.0.25;10;0;25;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91987   |   URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 10.1.14;10;1;14;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91987   |   URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.32;5;6;32;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93678   |   URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93678   |   URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.5.52;5;5;52;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93735   |   URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.33;5;6;33;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93735   |   URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.15;5;7;15;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93735   |   URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.5.51;5;5;51;CVE-2016-5616;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.32;5;6;32;CVE-2016-5616;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-5616;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.5.51;5;5;51;CVE-2016-5617;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93612   |   URL:http://www.securityfocus.com/bid/93612";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.32;5;6;32;CVE-2016-5617;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93612   |   URL:http://www.securityfocus.com/bid/93612";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-5617;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93612   |   URL:http://www.securityfocus.com/bid/93612";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-5625;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Packaging.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93617   |   URL:http://www.securityfocus.com/bid/93617";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.31;5;6;31;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93642   |   URL:http://www.securityfocus.com/bid/93642";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93642   |   URL:http://www.securityfocus.com/bid/93642";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-5628;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93662   |   URL:http://www.securityfocus.com/bid/93662";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.5.51;5;5;51;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93668   |   URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.32;5;6;32;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93668   |   URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93668   |   URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.31;5;6;31;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93674   |   URL:http://www.securityfocus.com/bid/93674";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93674   |   URL:http://www.securityfocus.com/bid/93674";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-5631;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93684   |   URL:http://www.securityfocus.com/bid/93684";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-5632;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93693   |   URL:http://www.securityfocus.com/bid/93693";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-5633;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-8290.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93702   |   URL:http://www.securityfocus.com/bid/93702";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-5635;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93715   |   URL:http://www.securityfocus.com/bid/93715";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.5.52;5;5;52;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration.  NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360   |   URL:https://www.exploit-db.com/exploits/40360/   |   FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://seclists.org/fulldisclosure/2016/Sep/23   |   MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/09/12/3   |   MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-10465   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92912   |   URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.6.33;5;6;33;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration.  NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360   |   URL:https://www.exploit-db.com/exploits/40360/   |   FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://seclists.org/fulldisclosure/2016/Sep/23   |   MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/09/12/3   |   MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-10465   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92912   |   URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.7.15;5;7;15;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration.  NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360   |   URL:https://www.exploit-db.com/exploits/40360/   |   FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://seclists.org/fulldisclosure/2016/Sep/23   |   MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/09/12/3   |   MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-10465   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92912   |   URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.5.51;5;5;51;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration.  NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360   |   URL:https://www.exploit-db.com/exploits/40360/   |   FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://seclists.org/fulldisclosure/2016/Sep/23   |   MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/09/12/3   |   MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-10465   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92912   |   URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 10.0.27;10;0;27;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration.  NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360   |   URL:https://www.exploit-db.com/exploits/40360/   |   FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://seclists.org/fulldisclosure/2016/Sep/23   |   MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/09/12/3   |   MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-10465   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92912   |   URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 10.1.17;10;1;17;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration.  NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360   |   URL:https://www.exploit-db.com/exploits/40360/   |   FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://seclists.org/fulldisclosure/2016/Sep/23   |   MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/09/12/3   |   MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-10465   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92912   |   URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.6.32;5;6;32;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration.  NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360   |   URL:https://www.exploit-db.com/exploits/40360/   |   FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://seclists.org/fulldisclosure/2016/Sep/23   |   MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/09/12/3   |   MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-10465   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92912   |   URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration.  NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360   |   URL:https://www.exploit-db.com/exploits/40360/   |   FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://seclists.org/fulldisclosure/2016/Sep/23   |   MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/09/12/3   |   MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-10465   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92912   |   URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.6.26;5;6;26;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11   |   URL:http://www.openwall.com/lists/oss-security/2016/09/15/10   |   CONFIRM:http://www.php.net/ChangeLog-5.php   |   CONFIRM:http://www.php.net/ChangeLog-7.php   |   CONFIRM:https://bugs.php.net/bug.php?id=72293   |   CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1   |   BID:93005   |   URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; | ||||
| 7.0.11;7;0;11;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11   |   URL:http://www.openwall.com/lists/oss-security/2016/09/15/10   |   CONFIRM:http://www.php.net/ChangeLog-5.php   |   CONFIRM:http://www.php.net/ChangeLog-7.php   |   CONFIRM:https://bugs.php.net/bug.php?id=72293   |   CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1   |   BID:93005   |   URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; | ||||
| 5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93737   |   URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93737   |   URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93737   |   URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.6.31;5;6;31;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93755   |   URL:http://www.securityfocus.com/bid/93755";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93755   |   URL:http://www.securityfocus.com/bid/93755";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-8286;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93745   |   URL:http://www.securityfocus.com/bid/93745";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-8287;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93727   |   URL:http://www.securityfocus.com/bid/93727";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.6.30;5;6;30;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93740   |   URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93740   |   URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-8289;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93720   |   URL:http://www.securityfocus.com/bid/93720";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-8290;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-5633.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93733   |   URL:http://www.securityfocus.com/bid/93733";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 10.0.24;10;0;24;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91987   |   URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 10.1.13;10;1;13;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/   |   CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   REDHAT:RHSA-2016:1602   |   URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html   |   BID:91787   |   URL:http://www.securityfocus.com/bid/91787   |   BID:91987   |   URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.32;5;6;32;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93678   |   URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93678   |   URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.5.52;5;5;52;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   DEBIAN:DSA-3706   |   URL:http://www.debian.org/security/2016/dsa-3706   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93735   |   URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.33;5;6;33;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   DEBIAN:DSA-3706   |   URL:http://www.debian.org/security/2016/dsa-3706   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93735   |   URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.15;5;7;15;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   DEBIAN:DSA-3706   |   URL:http://www.debian.org/security/2016/dsa-3706   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93735   |   URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-5625;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Packaging.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93617   |   URL:http://www.securityfocus.com/bid/93617";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.31;5;6;31;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93642   |   URL:http://www.securityfocus.com/bid/93642";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93642   |   URL:http://www.securityfocus.com/bid/93642";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-5628;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93662   |   URL:http://www.securityfocus.com/bid/93662";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.5.51;5;5;51;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93668   |   URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.32;5;6;32;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93668   |   URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93668   |   URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.6.31;5;6;31;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93674   |   URL:http://www.securityfocus.com/bid/93674";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93674   |   URL:http://www.securityfocus.com/bid/93674";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-5631;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93684   |   URL:http://www.securityfocus.com/bid/93684";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-5632;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93693   |   URL:http://www.securityfocus.com/bid/93693";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-5633;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-8290.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93702   |   URL:http://www.securityfocus.com/bid/93702";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-5635;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93715   |   URL:http://www.securityfocus.com/bid/93715";Assigned (20160616);"None (candidate not yet proposed)"; | ||||
| 5.5.51;5;5;51;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360   |   URL:https://www.exploit-db.com/exploits/40360/   |   FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://seclists.org/fulldisclosure/2016/Sep/23   |   MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/09/12/3   |   MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-10465   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3666   |   URL:http://www.debian.org/security/2016/dsa-3666   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:92912   |   URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.6.32;5;6;32;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360   |   URL:https://www.exploit-db.com/exploits/40360/   |   FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://seclists.org/fulldisclosure/2016/Sep/23   |   MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/09/12/3   |   MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-10465   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3666   |   URL:http://www.debian.org/security/2016/dsa-3666   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:92912   |   URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360   |   URL:https://www.exploit-db.com/exploits/40360/   |   FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://seclists.org/fulldisclosure/2016/Sep/23   |   MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/09/12/3   |   MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-10465   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3666   |   URL:http://www.debian.org/security/2016/dsa-3666   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:92912   |   URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.5.50;5;5;50;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360   |   URL:https://www.exploit-db.com/exploits/40360/   |   FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://seclists.org/fulldisclosure/2016/Sep/23   |   MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/09/12/3   |   MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-10465   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3666   |   URL:http://www.debian.org/security/2016/dsa-3666   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:92912   |   URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 10.0.26;10;0;26;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360   |   URL:https://www.exploit-db.com/exploits/40360/   |   FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://seclists.org/fulldisclosure/2016/Sep/23   |   MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/09/12/3   |   MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-10465   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3666   |   URL:http://www.debian.org/security/2016/dsa-3666   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:92912   |   URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 10.1.16;10;1;16;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360   |   URL:https://www.exploit-db.com/exploits/40360/   |   FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://seclists.org/fulldisclosure/2016/Sep/23   |   MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/09/12/3   |   MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-10465   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3666   |   URL:http://www.debian.org/security/2016/dsa-3666   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:92912   |   URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.6.31;5;6;31;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360   |   URL:https://www.exploit-db.com/exploits/40360/   |   FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://seclists.org/fulldisclosure/2016/Sep/23   |   MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/09/12/3   |   MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-10465   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3666   |   URL:http://www.debian.org/security/2016/dsa-3666   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:92912   |   URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360   |   URL:https://www.exploit-db.com/exploits/40360/   |   FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://seclists.org/fulldisclosure/2016/Sep/23   |   MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/09/12/3   |   MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-10465   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   DEBIAN:DSA-3666   |   URL:http://www.debian.org/security/2016/dsa-3666   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:92912   |   URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.5.51;5;5;51;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678   |   URL:https://www.exploit-db.com/exploits/40678/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/10/25/4   |   MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html   |   CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805   |   CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92911   |   URL:http://www.securityfocus.com/bid/92911   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.6.32;5;6;32;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678   |   URL:https://www.exploit-db.com/exploits/40678/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/10/25/4   |   MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html   |   CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805   |   CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92911   |   URL:http://www.securityfocus.com/bid/92911   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678   |   URL:https://www.exploit-db.com/exploits/40678/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/10/25/4   |   MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html   |   CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805   |   CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92911   |   URL:http://www.securityfocus.com/bid/92911   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 8.0.0;8;0;0;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678   |   URL:https://www.exploit-db.com/exploits/40678/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/10/25/4   |   MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html   |   CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805   |   CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92911   |   URL:http://www.securityfocus.com/bid/92911   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 10.0.27;10;0;27;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678   |   URL:https://www.exploit-db.com/exploits/40678/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/10/25/4   |   MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html   |   CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805   |   CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92911   |   URL:http://www.securityfocus.com/bid/92911   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 10.1.17;10;1;17;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678   |   URL:https://www.exploit-db.com/exploits/40678/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/10/25/4   |   MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html   |   CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805   |   CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92911   |   URL:http://www.securityfocus.com/bid/92911   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.5.50;5;5;50;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678   |   URL:https://www.exploit-db.com/exploits/40678/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/10/25/4   |   MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html   |   CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805   |   CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92911   |   URL:http://www.securityfocus.com/bid/92911   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.6.31;5;6;31;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678   |   URL:https://www.exploit-db.com/exploits/40678/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/10/25/4   |   MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html   |   CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805   |   CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92911   |   URL:http://www.securityfocus.com/bid/92911   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678   |   URL:https://www.exploit-db.com/exploits/40678/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/10/25/4   |   MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html   |   CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805   |   CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92911   |   URL:http://www.securityfocus.com/bid/92911   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.5.40;5;5;40;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678   |   URL:https://www.exploit-db.com/exploits/40678/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/10/25/4   |   MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html   |   CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805   |   CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92911   |   URL:http://www.securityfocus.com/bid/92911   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )   |   URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded   |   EXPLOIT-DB:40679   |   URL:https://www.exploit-db.com/exploits/40679/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html   |   MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93612   |   URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )   |   URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded   |   EXPLOIT-DB:40679   |   URL:https://www.exploit-db.com/exploits/40679/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html   |   MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93612   |   URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )   |   URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded   |   EXPLOIT-DB:40679   |   URL:https://www.exploit-db.com/exploits/40679/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html   |   MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93612   |   URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )   |   URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded   |   EXPLOIT-DB:40679   |   URL:https://www.exploit-db.com/exploits/40679/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html   |   MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93612   |   URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; | ||||
| 5.6.25;5;6;25;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11   |   URL:http://www.openwall.com/lists/oss-security/2016/09/15/10   |   CONFIRM:http://www.php.net/ChangeLog-5.php   |   CONFIRM:http://www.php.net/ChangeLog-7.php   |   CONFIRM:https://bugs.php.net/bug.php?id=72293   |   CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1   |   BID:93005   |   URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; | ||||
| 7.0.10;7;0;10;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11   |   URL:http://www.openwall.com/lists/oss-security/2016/09/15/10   |   CONFIRM:http://www.php.net/ChangeLog-5.php   |   CONFIRM:http://www.php.net/ChangeLog-7.php   |   CONFIRM:https://bugs.php.net/bug.php?id=72293   |   CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1   |   BID:93005   |   URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; | ||||
| 5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93737   |   URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93737   |   URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93737   |   URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.6.31;5;6;31;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93755   |   URL:http://www.securityfocus.com/bid/93755";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93755   |   URL:http://www.securityfocus.com/bid/93755";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.7.14;5;7;14;CVE-2016-8286;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93745   |   URL:http://www.securityfocus.com/bid/93745";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-8287;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93727   |   URL:http://www.securityfocus.com/bid/93727";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.6.30;5;6;30;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93740   |   URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.7.12;5;7;12;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93740   |   URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-8289;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93720   |   URL:http://www.securityfocus.com/bid/93720";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.7.13;5;7;13;CVE-2016-8290;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-5633.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93733   |   URL:http://www.securityfocus.com/bid/93733";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.6.34;5;6;34;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95580   |   URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95580   |   URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.6.34;5;6;34;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95557   |   URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95557   |   URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; | ||||
| 5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95571   |   URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95571   |   URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95571   |   URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95538   |   URL:http://www.securityfocus.com/bid/95538";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95565   |   URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95565   |   URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95565   |   URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2017-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95482   |   URL:http://www.securityfocus.com/bid/95482";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2017-3256;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95486   |   URL:http://www.securityfocus.com/bid/95486";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95589   |   URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95589   |   URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95560   |   URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95560   |   URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95560   |   URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95520   |   URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95520   |   URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95520   |   URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.34;5;6;34;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95583   |   URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95583   |   URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95501   |   URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95501   |   URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95501   |   URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.55;5;5;55;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97023   |   URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97023   |   URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 3.1.6;3;1;6;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97724   |   URL:http://www.securityfocus.com/bid/97724";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 3.2.1182;3;2;1182;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97724   |   URL:http://www.securityfocus.com/bid/97724";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 3.3.2;3;3;2;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97724   |   URL:http://www.securityfocus.com/bid/97724";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 3.1.6;3;1;6;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97844   |   URL:http://www.securityfocus.com/bid/97844";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 3.2.1182;3;2;1182;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97844   |   URL:http://www.securityfocus.com/bid/97844";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 3.3.2;3;3;2;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97844   |   URL:http://www.securityfocus.com/bid/97844";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.54;5;5;54;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97725   |   URL:http://www.securityfocus.com/bid/97725";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.35;5;6;35;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97725   |   URL:http://www.securityfocus.com/bid/97725";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97725   |   URL:http://www.securityfocus.com/bid/97725";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.54;5;5;54;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97742   |   URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.35;5;6;35;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97742   |   URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97742   |   URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95491   |   URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95491   |   URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95491   |   URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95527   |   URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95527   |   URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95527   |   URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95585   |   URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95585   |   URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95585   |   URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95588   |   URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95588   |   URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95588   |   URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95479   |   URL:http://www.securityfocus.com/bid/95479";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95470   |   URL:http://www.securityfocus.com/bid/95470";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.54;5;5;54;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97763   |   URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.35;5;6;35;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97763   |   URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97763   |   URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.11;5;7;11;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97772   |   URL:http://www.securityfocus.com/bid/97772";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97772   |   URL:http://www.securityfocus.com/bid/97772";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.35;5;6;35;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97747   |   URL:http://www.securityfocus.com/bid/97747";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97747   |   URL:http://www.securityfocus.com/bid/97747";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.35;5;6;35;CVE-2017-3452;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97779   |   URL:http://www.securityfocus.com/bid/97779";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.54;5;5;54;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97776   |   URL:http://www.securityfocus.com/bid/97776";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.35;5;6;35;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97776   |   URL:http://www.securityfocus.com/bid/97776";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97776   |   URL:http://www.securityfocus.com/bid/97776";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3454;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97791   |   URL:http://www.securityfocus.com/bid/97791";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3455;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97820   |   URL:http://www.securityfocus.com/bid/97820";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.54;5;5;54;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97831   |   URL:http://www.securityfocus.com/bid/97831";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.35;5;6;35;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97831   |   URL:http://www.securityfocus.com/bid/97831";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97831   |   URL:http://www.securityfocus.com/bid/97831";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3457;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97845   |   URL:http://www.securityfocus.com/bid/97845";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3458;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97837   |   URL:http://www.securityfocus.com/bid/97837";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3459;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97847   |   URL:http://www.securityfocus.com/bid/97847";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3460;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97826   |   URL:http://www.securityfocus.com/bid/97826";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.54;5;5;54;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97812   |   URL:http://www.securityfocus.com/bid/97812";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.35;5;6;35;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97812   |   URL:http://www.securityfocus.com/bid/97812";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97812   |   URL:http://www.securityfocus.com/bid/97812";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.54;5;5;54;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97851   |   URL:http://www.securityfocus.com/bid/97851";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.35;5;6;35;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97851   |   URL:http://www.securityfocus.com/bid/97851";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97851   |   URL:http://www.securityfocus.com/bid/97851";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.54;5;5;54;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97849   |   URL:http://www.securityfocus.com/bid/97849";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.35;5;6;35;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97849   |   URL:http://www.securityfocus.com/bid/97849";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97849   |   URL:http://www.securityfocus.com/bid/97849";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.54;5;5;54;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97818   |   URL:http://www.securityfocus.com/bid/97818";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.35;5;6;35;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97818   |   URL:http://www.securityfocus.com/bid/97818";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97818   |   URL:http://www.securityfocus.com/bid/97818";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3465;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97822   |   URL:http://www.securityfocus.com/bid/97822";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3467;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97825   |   URL:http://www.securityfocus.com/bid/97825";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3468;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97848   |   URL:http://www.securityfocus.com/bid/97848";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.35;5;6;35;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97754   |   URL:http://www.securityfocus.com/bid/97754";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97754   |   URL:http://www.securityfocus.com/bid/97754";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.5.54;5;5;54;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97765   |   URL:http://www.securityfocus.com/bid/97765";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.6.35;5;6;35;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97765   |   URL:http://www.securityfocus.com/bid/97765";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
| 5.7.17;5;7;17;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97765   |   URL:http://www.securityfocus.com/bid/97765";Assigned (20161206);"None (candidate not yet proposed)"; | ||||
|  |  | |||
| Can't render this file because it is too large. | 
		Loading…
	
		Reference in a new issue
	
	 Jean-Marie RENOUARD
						Jean-Marie RENOUARD