MySQLTuner-perl/build/vulnerability.csv

1	CVE-1999-0652	Candidate	** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A database service is running, e.g. a SQL server, Oracle, or mySQL."		Modified (20080731)	ACCEPT(1) Baker | MODIFY(1) Frech | NOOP(1) Wall | REJECT(1) Northcutt	Frech> XF:nt-sql-server(1289) | XF:msql-detect(2211) | XF:oracle-detect(2388) | XF:sybase-detect-namedpipes(1461)
2	CVE-2000-0148	Entry	MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.	BUGTRAQ:20000208 Remote access vulnerability in all MySQL server versions | URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0053.html | BUGTRAQ:20000214 MySQL 3.22.32 released | BID:975 | URL:http://www.securityfocus.com/bid/975
3	CVE-2000-0321	Candidate	Buffer overflow in IC Radius package allows a remote attacker to cause a denial of service via a long user name.	BUGTRAQ:20000424 Buffer Overflow in version .14 | URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0190.html | BID:1147 | URL:http://www.securityfocus.com/bid/1147	Proposed (20000518)	ACCEPT(1) Levy | MODIFY(1) Frech | NOOP(4) Baker, Cole, LeBlanc, Wall | REJECT(1) Christey	Frech> XF:icradius-username-bo | Every reference I pull up shows the product's name as ICRADIUS. See | http://mysql.eunet.fi/Downloads/Contrib/icradius.README | Christey> In a followup, Alan DeKok (aland@FREERADIUS.ORG) says that | this could occur in other RADIUS servers also; however, the | bug could only be exploited if someone has altered the | configuration file, which shouldn't normally be modifiable | by anyone else. | | So, this should be REJECTed since the bug doesn't directly give | anyone else any additional privileges or access. | Christey> Alan DeKok <aland@FREERADIUS.ORG> says it applies to other RADIUS | programs also, *however* since it needs a valid username, only | the RADIUS owner can exploit it by changing the config file. But | if the config file can be written by others - well, that's still | a potential risk, but you've probably got bigger problems then. | - http://marc.theaimsgroup.com/?l=bugtraq&m=95671883515060&w=2 | Look at ChangeLog at ftp://ftp.cheapnet.net/pub/icradius/ChangeLog | | Possible confirmation in 0.15: "sql_getvpdata now dynamically | allocates buffer sizes for sql queries to avoid over runs" | | But that's a bit general. | | Alan Kok said that Cistron and other RADIUS servers were affected; the | ICRADIUS changelog says to check the Cistron logs for other possible | bug fixes, since ICRADIUS uses Cistron codebase. Go back to | freeradius.org and find link to Cistron at | http://www.miquels.cistron.nl/radius/ | | Cistron changelog at http://www.miquels.cistron.nl/radius/ChangeLog It | has different version numbers - go back to ICRADIUS changelog to find | rought equivalents. ICRADIUS 0.15 uses Cistron 1.6.3 patches, so | start from there. | | No apparent problems in 1.6.3 or 1.6.4, but 1.6.1 says: "Fix all | strcpy(), strcat(), sprintf() and sccanf() calls for buffer | overflows." So perhaps the problem was fixed then? Or maybe the | vulnerable sscanf() call was missed and/or disregarded because it was | believed that the hostname could be trusted since it came from a | well-controlled configuration file?
4	CVE-2002-0287	Entry	pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.	BUGTRAQ:20020216 pforum: mysql-injection-bug | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101389284625019&w=2 | CONFIRM:http://www.powie.de/news/index.php | BID:4114 | URL:http://www.securityfocus.com/bid/4114 | XF:pforum-quotes-sql-injection(8203) | URL:http://www.iss.net/security_center/static/8203.php
5	CVE-2004-0457	Candidate	The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.	DEBIAN:DSA-540 | URL:http://www.debian.org/security/2004/dsa-540 | CONFIRM:http://packages.debian.org/changelogs/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-11/changelog | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | OVAL:oval:org.mitre.oval:def:10693 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10693 | XF:mysql-mysqlhotcopy-insecure-file(17030) | URL:http://xforce.iss.net/xforce/xfdb/17030	Assigned (20040506)	None (candidate not yet proposed)
6	CVE-2004-0836	Candidate	Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).	CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:http://xforce.iss.net/xforce/xfdb/17047	Assigned (20040908)	None (candidate not yet proposed)
7	CVE-2004-0931	Candidate	MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function.	IDEFENSE:20041006 MySQL MaxDB Web Agent WebDBMServer Name Denial of Service Vulnerability | URL:http://www.idefense.com/application/poi/display?id=150&type=vulnerabilities&flashstatus=false | BID:11346 | URL:http://www.securityfocus.com/bid/11346 | OSVDB:10532 | URL:http://www.osvdb.org/10532 | SECUNIA:12756 | URL:http://www.secunia.com/advisories/12756 | XF:maxdb-isascii7dos(17633) | URL:http://xforce.iss.net/xforce/xfdb/17633	Assigned (20041004)	None (candidate not yet proposed)
8	CVE-2004-2357	Candidate	The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database.	FULLDISC:20040201 Proofpoint Protection Server remote MySQL root user vulnerability | URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=107745676915297&w=2 | FULLDISC:20040223 Re: [Full-Disclosure] Proofpoint Protection Server remote MySQL root user vulnerability | URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=107752568009182&w=2 | XF:proofpoint-mysql-gain-access(15280) | URL:http://xforce.iss.net/xforce/xfdb/15280	Assigned (20050816)	None (candidate not yet proposed)
9	CVE-2004-2632	Candidate	phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.	BUGTRAQ:20040628 php codes injection in phpMyAdmin version 2.5.7. | URL:http://archives.neohapsis.com/archives/bugtraq/2004-06/0444.html | BUGTRAQ:20040630 Re: php codes injection in phpMyAdmin version 2.5.7. | URL:http://archives.neohapsis.com/archives/bugtraq/2004-06/0473.html | MISC:http://eagle.kecapi.com/sec/fd/phpMyAdmin.html | CONFIRM:http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-1 | GENTOO:GLSA-200407-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200407-22.xml | BID:10629 | URL:http://www.securityfocus.com/bid/10629 | OSVDB:7315 | URL:http://www.osvdb.org/7315 | SECTRACK:1010614 | URL:http://securitytracker.com/alerts/2004/Jun/1010614.html | SECUNIA:11974 | URL:http://secunia.com/advisories/11974 | XF:phpmyadmin-code-manipulation(16555) | URL:http://xforce.iss.net/xforce/xfdb/16555	Assigned (20051204)	None (candidate not yet proposed)
10	CVE-2005-0544	Candidate	phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.	SECUNIA:14382 | URL:http://secunia.com/advisories/14382 | CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=1149383&group_id=23067&atid=377408 | GENTOO:GLSA-200503-07 | URL:http://www.gentoo.org/security/en/glsa/glsa-200503-07.xml	Assigned (20050224)	None (candidate not yet proposed)
11	CVE-2005-0799	Candidate	MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.	BUGTRAQ:20050315 Denial of Service Vulnerability in MySQL Server for Windows | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091250923281&w=2 | CONFIRM:http://bugs.mysql.com/bug.php?id=9148 | SECUNIA:14564 | URL:http://secunia.com/advisories/14564	Assigned (20050320)	None (candidate not yet proposed)
12	CVE-2005-1121	Candidate	Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL.	MISC:http://rst.void.ru/papers/advisory24.txt | DEBIAN:DSA-726 | URL:http://www.debian.org/security/2005/dsa-726 | GENTOO:GLSA-200505-02 | URL:http://security.gentoo.org/glsa/glsa-200505-02.xml | BID:13172 | URL:http://www.securityfocus.com/bid/13172 | XF:oops-format-string(20191) | URL:http://xforce.iss.net/xforce/xfdb/20191	Assigned (20050416)	None (candidate not yet proposed)
13	CVE-2005-2572	Candidate	MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll.	BUGTRAQ:20050808 [AppSecInc Advisory MYSQL05-V0003] Multiple Issues with MySQL User Defined Functions | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112360818900941&w=2 | MISC:http://www.appsecinc.com/resources/alerts/mysql/2005-003.html | HP:HPSBPV02918 | URL:http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409 | HP:SSRT101272 | URL:http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409 | BID:62358 | URL:http://www.securityfocus.com/bid/62358 | SECTRACK:1029010 | URL:http://www.securitytracker.com/id/1029010 | SECUNIA:54788 | URL:http://secunia.com/advisories/54788 | XF:mysql-loadlibraryex-dos(21756) | URL:http://xforce.iss.net/xforce/xfdb/21756	Assigned (20050816)	None (candidate not yet proposed)
14	CVE-2006-0146	Candidate	The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.	BUGTRAQ:20060202 Bug for libs in php link directory 2.0 | URL:http://www.securityfocus.com/archive/1/archive/1/423784/100/0/threaded | BUGTRAQ:20060409 PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection | URL:http://www.securityfocus.com/archive/1/archive/1/430448/100/0/threaded | BUGTRAQ:20070418 MediaBeez Sql query Execution .. Wear isn't ?? :) | URL:http://www.securityfocus.com/archive/1/archive/1/466171/100/0/threaded | BUGTRAQ:20060409 PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection | URL:http://www.securityfocus.com/archive/1/archive/1/430448/100/0/threaded | MISC:http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html | MISC:http://secunia.com/secunia_research/2005-64/advisory/ | CONFIRM:http://www.xaraya.com/index.php/news/569 | CONFIRM:http://www.maxdev.com/Article550.phtml | DEBIAN:DSA-1029 | URL:http://www.debian.org/security/2006/dsa-1029 | DEBIAN:DSA-1030 | URL:http://www.debian.org/security/2006/dsa-1030 | DEBIAN:DSA-1031 | URL:http://www.debian.org/security/2006/dsa-1031 | GENTOO:GLSA-200604-07 | URL:http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml | BID:16187 | URL:http://www.securityfocus.com/bid/16187 | VUPEN:ADV-2006-0101 | URL:http://www.vupen.com/english/advisories/2006/0101 | VUPEN:ADV-2006-0102 | URL:http://www.vupen.com/english/advisories/2006/0102 | VUPEN:ADV-2006-0103 | URL:http://www.vupen.com/english/advisories/2006/0103 | VUPEN:ADV-2006-0104 | URL:http://www.vupen.com/english/advisories/2006/0104 | VUPEN:ADV-2006-0105 | URL:http://www.vupen.com/english/advisories/2006/0105 | VUPEN:ADV-2006-0447 | URL:http://www.vupen.com/english/advisories/2006/0447 | VUPEN:ADV-2006-0370 | URL:http://www.vupen.com/english/advisories/2006/0370 | VUPEN:ADV-2006-1304 | URL:http://www.vupen.com/english/advisories/2006/1304 | VUPEN:ADV-2006-1305 | URL:http://www.vupen.com/english/advisories/2006/1305 | VUPEN:ADV-2006-1419 | URL:http://www.vupen.com/english/advisories/2006/1419 | OSVDB:22290 | URL:http://www.osvdb.org/22290 | SECUNIA:17418 | URL:http://secunia.com/advisories/17418 | SECUNIA:18254 | URL:http://secunia.com/advisories/18254 | SECUNIA:18267 | URL:http://secunia.com/advisories/18267 | SECUNIA:18260 | URL:http://secunia.com/advisories/18260 | SECUNIA:18276 | URL:http://secunia.com/advisories/18276 | SECUNIA:18233 | URL:http://secunia.com/advisories/18233 | SECUNIA:18720 | URL:http://secunia.com/advisories/18720 | SECUNIA:19555 | URL:http://secunia.com/advisories/19555 | SECUNIA:19563 | URL:http://secunia.com/advisories/19563 | SECUNIA:19590 | URL:http://secunia.com/advisories/19590 | SECUNIA:19591 | URL:http://secunia.com/advisories/19591 | SECUNIA:19600 | URL:http://secunia.com/advisories/19600 | SECUNIA:19699 | URL:http://secunia.com/advisories/19699 | SECUNIA:19691 | URL:http://secunia.com/advisories/19691 | SECUNIA:24954 | URL:http://secunia.com/advisories/24954 | SREASON:713 | URL:http://securityreason.com/securityalert/713 | XF:adodb-server-command-execution(24051) | URL:http://xforce.iss.net/xforce/xfdb/24051	Assigned (20060109)	None (candidate not yet proposed)
15	CVE-2006-1451	Candidate	MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database.	APPLE:APPLE-SA-2006-05-11 | URL:http://lists.apple.com/archives/security-announce/2006/May/msg00003.html | CERT:TA06-132A | URL:http://www.us-cert.gov/cas/techalerts/TA06-132A.html | BID:17951 | URL:http://www.securityfocus.com/bid/17951 | VUPEN:ADV-2006-1779 | URL:http://www.vupen.com/english/advisories/2006/1779 | OSVDB:25595 | URL:http://www.osvdb.org/25595 | SECTRACK:1016077 | URL:http://securitytracker.com/id?1016077 | SECUNIA:20077 | URL:http://secunia.com/advisories/20077 | XF:macos-mysql-manager-blank-password(26420) | URL:http://xforce.iss.net/xforce/xfdb/26420	Assigned (20060328)	None (candidate not yet proposed)
16	CVE-2006-2042	Candidate	Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models.	BUGTRAQ:20060509 Multiple SQL Injection Vulnerabilities in Dreamweaver Generated Code | URL:http://archives.neohapsis.com/archives/bugtraq/2006-05/0194.html | CONFIRM:http://www.adobe.com/support/security/bulletins/apsb06-07.html | BID:17928 | URL:http://www.securityfocus.com/bid/17928 | VUPEN:ADV-2006-1753 | URL:http://www.vupen.com/english/advisories/2006/1753 | OSVDB:25361 | URL:http://www.osvdb.org/25361 | SECTRACK:1016050 | URL:http://securitytracker.com/id?1016050 | SECUNIA:20054 | URL:http://secunia.com/advisories/20054 | XF:dreamweaver-server-sql-injection(26339) | URL:http://xforce.iss.net/xforce/xfdb/26339	Assigned (20060426)	None (candidate not yet proposed)
17	CVE-2006-3469	Candidate	Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.	MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694 | MISC:http://bugs.mysql.com/bug.php?id=20729 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html | CONFIRM:http://docs.info.apple.com/article.html?artnum=305214 | APPLE:APPLE-SA-2007-03-13 | URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | DEBIAN:DSA-1112 | URL:http://www.debian.org/security/2006/dsa-1112 | GENTOO:GLSA-200608-09 | URL:http://security.gentoo.org/glsa/glsa-200608-09.xml | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | UBUNTU:USN-321-1 | URL:http://www.ubuntu.com/usn/usn-321-1 | CERT:TA07-072A | URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html | BID:19032 | URL:http://www.securityfocus.com/bid/19032 | OVAL:oval:org.mitre.oval:def:9827 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9827 | VUPEN:ADV-2007-0930 | URL:http://www.vupen.com/english/advisories/2007/0930 | SECUNIA:21147 | URL:http://secunia.com/advisories/21147 | SECUNIA:21366 | URL:http://secunia.com/advisories/21366 | SECUNIA:24479 | URL:http://secunia.com/advisories/24479 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226	Assigned (20060710)	None (candidate not yet proposed)
18	CVE-2006-4976	Candidate	The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages.	BUGTRAQ:20060914 ADOdb Date Library Full path Bugs | URL:http://www.securityfocus.com/archive/1/archive/1/445995/100/100/threaded | SREASON:1629 | URL:http://securityreason.com/securityalert/1629	Assigned (20060924)	None (candidate not yet proposed)
19	CVE-2006-4994	Candidate	Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.	BUGTRAQ:20060521 [TZO-072006]-Xampp - Multiple Priviledge Escalation (SYSTEM) and Rogue Autostart | URL:http://www.securityfocus.com/archive/1/archive/1/434699/30/4860/threaded | FULLDISC:20060521 [TZO-072006]-Xampp - Multiple Priviledge Escalation (SYSTEM) and Rogue Autostarthttp | URL:http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046218.html | MISC:http://secdev.zoller.lu/research/xamp1.htm | CONFIRM:http://www.apachefriends.org/en/news-article,75557.html | XF:xampp-insecure-start-path(26581) | URL:http://xforce.iss.net/xforce/xfdb/26581	Assigned (20060925)	None (candidate not yet proposed)
20	CVE-2007-2691	Candidate	MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.	BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347	Assigned (20070515)	None (candidate not yet proposed)
21	CVE-2007-2692	Candidate	The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.	BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:http://xforce.iss.net/xforce/xfdb/34348	Assigned (20070515)	None (candidate not yet proposed)
22	CVE-2007-3780	Candidate	MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.	BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=28984 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2007:0875 | URL:http://www.redhat.com/support/errata/RHSA-2007-0875.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:36732 | URL:http://osvdb.org/36732 | OVAL:oval:org.mitre.oval:def:11058 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11058 | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | SECTRACK:1018629 | URL:http://www.securitytracker.com/id?1018629 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26621 | URL:http://secunia.com/advisories/26621 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823	Assigned (20070715)	None (candidate not yet proposed)
23	CVE-2007-3781	Candidate	MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.	BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=25578 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:37783 | URL:http://osvdb.org/37783 | OVAL:oval:org.mitre.oval:def:9195 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9195 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351	Assigned (20070715)	None (candidate not yet proposed)
24	CVE-2007-3782	Candidate	MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.	BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://bugs.mysql.com/bug.php?id=27878 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OVAL:oval:org.mitre.oval:def:10563 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10563 | SECTRACK:1018663 | URL:http://securitytracker.com/id?1018663 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351	Assigned (20070715)	None (candidate not yet proposed)
25	CVE-2007-4588	Candidate	Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.	BUGTRAQ:20070826 InterWorx-CP Multiple HTML Injections Vulnerabilitie | URL:http://www.securityfocus.com/archive/1/archive/1/477848/100/0/threaded | MISC:http://www.hackerscenter.com/archive/view.asp?id=27884 | CONFIRM:http://interworx.com/forums/showthread.php?t=2501 | BID:25451 | URL:http://www.securityfocus.com/bid/25451 | OSVDB:36739 | URL:http://osvdb.org/36739 | OSVDB:36740 | URL:http://osvdb.org/36740 | OSVDB:36742 | URL:http://osvdb.org/36742 | OSVDB:36743 | URL:http://osvdb.org/36743 | OSVDB:36744 | URL:http://osvdb.org/36744 | OSVDB:36745 | URL:http://osvdb.org/36745 | OSVDB:36746 | URL:http://osvdb.org/36746 | OSVDB:36747 | URL:http://osvdb.org/36747 | OSVDB:36748 | URL:http://osvdb.org/36748 | OSVDB:36749 | URL:http://osvdb.org/36749 | OSVDB:36750 | URL:http://osvdb.org/36750 | OSVDB:36751 | URL:http://osvdb.org/36751 | OSVDB:36752 | URL:http://osvdb.org/36752 | OSVDB:36753 | URL:http://osvdb.org/36753 | OSVDB:36755 | URL:http://osvdb.org/36755 | OSVDB:36756 | URL:http://osvdb.org/36756 | OSVDB:36757 | URL:http://osvdb.org/36757 | OSVDB:36758 | URL:http://osvdb.org/36758 | OSVDB:36759 | URL:http://osvdb.org/36759 | OSVDB:36761 | URL:http://osvdb.org/36761 | OSVDB:36762 | URL:http://osvdb.org/36762 | OSVDB:36763 | URL:http://osvdb.org/36763 | OSVDB:36764 | URL:http://osvdb.org/36764 | OSVDB:36765 | URL:http://osvdb.org/36765 | OSVDB:36766 | URL:http://osvdb.org/36766 | SECUNIA:26586 | URL:http://secunia.com/advisories/26586 | SREASON:3070 | URL:http://securityreason.com/securityalert/3070 | XF:interworx-nodeworx-multiple-file-include(36301) | URL:http://xforce.iss.net/xforce/xfdb/36301 | XF:interworxcp-index-xss(36297) | URL:http://xforce.iss.net/xforce/xfdb/36297	Assigned (20070828)	None (candidate not yet proposed)
26	CVE-2007-5969	Candidate	MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.	BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3,186931,186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222	Assigned (20071114)	None (candidate not yet proposed)
27	CVE-2007-6303	Candidate	MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.	BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:http://xforce.iss.net/xforce/xfdb/38989	Assigned (20071210)	None (candidate not yet proposed)
28	CVE-2007-6304	Candidate	The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.	BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:http://xforce.iss.net/xforce/xfdb/38990	Assigned (20071210)	None (candidate not yet proposed)
29	CVE-2007-6313	Candidate	MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.	CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | OSVDB:43179 | URL:http://osvdb.org/43179	Assigned (20071211)	None (candidate not yet proposed)
30	CVE-2008-2384	Candidate	SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.	MLIST:[oss-security] 20090121 mod-auth-mysql: SQL injection | URL:http://openwall.com/lists/oss-security/2009/01/21/10 | CONFIRM:http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.patch | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=480238 | FEDORA:FEDORA-2011-0100 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053899.html | FEDORA:FEDORA-2011-0114 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053903.html | REDHAT:RHSA-2009:0259 | URL:http://www.redhat.com/support/errata/RHSA-2009-0259.html | REDHAT:RHSA-2010:1002 | URL:http://www.redhat.com/support/errata/RHSA-2010-1002.html | BID:33392 | URL:http://www.securityfocus.com/bid/33392 | OVAL:oval:org.mitre.oval:def:10172 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10172 | SECUNIA:43302 | URL:http://secunia.com/advisories/43302 | VUPEN:ADV-2009-0226 | URL:http://www.vupen.com/english/advisories/2009/0226 | SECUNIA:33627 | URL:http://secunia.com/advisories/33627 | VUPEN:ADV-2011-0367 | URL:http://www.vupen.com/english/advisories/2011/0367 | XF:modauthmysql-multibyte-sql-injection(48163) | URL:http://xforce.iss.net/xforce/xfdb/48163	Assigned (20080521)	None (candidate not yet proposed)
31	CVE-2008-3820	Candidate	Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.	CISCO:20090121 Cisco Security Manager Vulnerability | URL:http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6192a.shtml | BID:33381 | URL:http://www.securityfocus.com/bid/33381 | VUPEN:ADV-2009-0214 | URL:http://www.vupen.com/english/advisories/2009/0214 | SECTRACK:1021619 | URL:http://www.securitytracker.com/id?1021619 | SECUNIA:33633 | URL:http://secunia.com/advisories/33633 | XF:cisco-securitymanager-iev-weak-security(48134) | URL:http://xforce.iss.net/xforce/xfdb/48134	Assigned (20080827)	None (candidate not yet proposed)
32	CVE-2008-3963	Candidate	MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.	MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:http://xforce.iss.net/xforce/xfdb/45042	Assigned (20080909)	None (candidate not yet proposed)
33	CVE-2009-0542	Candidate	SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.	BUGTRAQ:20090210 Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) | URL:http://www.securityfocus.com/archive/1/archive/1/500823/100/0/threaded | BUGTRAQ:20090210 ProFTPd with mod_mysql Authentication Bypass Exploit | URL:http://www.securityfocus.com/archive/1/archive/1/500851/100/0/threaded | BUGTRAQ:20090210 Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) | URL:http://www.securityfocus.com/archive/1/archive/1/500833/100/0/threaded | BUGTRAQ:20090211 Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) | URL:http://www.securityfocus.com/archive/1/archive/1/500852/100/0/threaded | MILW0RM:8037 | URL:http://www.milw0rm.com/exploits/8037 | MLIST:[oss-security] 20090211 CVE request for proftpd | URL:http://www.openwall.com/lists/oss-security/2009/02/11/1 | MLIST:[oss-security] 20090211 Re: CVE request for proftpd | URL:http://www.openwall.com/lists/oss-security/2009/02/11/5 | MLIST:[oss-security] 20090211 Re: CVE request for proftpd | URL:http://www.openwall.com/lists/oss-security/2009/02/11/3 | CONFIRM:http://bugs.proftpd.org/show_bug.cgi?id=3180 | DEBIAN:DSA-1730 | URL:http://www.debian.org/security/2009/dsa-1730 | GENTOO:GLSA-200903-27 | URL:http://security.gentoo.org/glsa/glsa-200903-27.xml | MANDRIVA:MDVSA-2009:061 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:061 | SECUNIA:34268 | URL:http://secunia.com/advisories/34268	Assigned (20090212)	None (candidate not yet proposed)
34	CVE-2009-0543	Candidate	ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.	MLIST:[oss-security] 20090211 CVE request for proftpd | URL:http://www.openwall.com/lists/oss-security/2009/02/11/4 | MLIST:[oss-security] 20090211 Re: CVE request for proftpd | URL:http://www.openwall.com/lists/oss-security/2009/02/11/5 | CONFIRM:http://bugs.proftpd.org/show_bug.cgi?id=3173 | DEBIAN:DSA-1730 | URL:http://www.debian.org/security/2009/dsa-1730 | GENTOO:GLSA-200903-27 | URL:http://security.gentoo.org/glsa/glsa-200903-27.xml | MANDRIVA:MDVSA-2009:061 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:061 | SECUNIA:34268 | URL:http://secunia.com/advisories/34268	Assigned (20090212)	None (candidate not yet proposed)
35	CVE-2009-2929	Candidate	Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php. NOTE: some of these parameters may be applicable only in nonstandard versions of the product, and cms/frontpage_ception.php may be cms/frontpage_caption.php in all released versions.	MILW0RM:9434 | URL:http://www.milw0rm.com/exploits/9434 | XF:tgscms-index-sql-injection(52468) | URL:http://xforce.iss.net/xforce/xfdb/52468	Assigned (20090821)	None (candidate not yet proposed)
36	CVE-2009-3102	Candidate	The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable.	MISC:http://forums.zmanda.com/showthread.php?p=8068 | MISC:http://twitter.com/elegerov/statuses/3518763099 | MISC:http://twitter.com/elegerov/statuses/3547652507 | MISC:http://www.intevydis.com/blog/?p=51 | SECUNIA:36424 | URL:http://secunia.com/advisories/36424 | SECUNIA:36429 | URL:http://secunia.com/advisories/36429 | XF:zrm-mysqlhotcopy-priv-escalation(52978) | URL:http://xforce.iss.net/xforce/xfdb/52978 | XF:zrm-socketserver-command-execution(52977) | URL:http://xforce.iss.net/xforce/xfdb/52977	Assigned (20090908)	None (candidate not yet proposed)
37	CVE-2009-4028	Candidate	The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.	MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107	Assigned (20091120)	None (candidate not yet proposed)
38	CVE-2009-4484	Candidate	Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.	MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416	Assigned (20091230)	None (candidate not yet proposed)
39	CVE-2009-5026	Candidate	The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.	MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | SECUNIA:49179 | URL:http://secunia.com/advisories/49179	Assigned (20101209)	None (candidate not yet proposed)
40	CVE-2010-2008	Candidate	MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.	CONFIRM:http://bugs.mysql.com/bug.php?id=53804 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html | FEDORA:FEDORA-2010-11135 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html | MANDRIVA:MDVSA-2010:155 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:41198 | URL:http://www.securityfocus.com/bid/41198 | OVAL:oval:org.mitre.oval:def:11869 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11869 | SECTRACK:1024160 | URL:http://www.securitytracker.com/id?1024160 | SECUNIA:40333 | URL:http://secunia.com/advisories/40333 | SECUNIA:40762 | URL:http://secunia.com/advisories/40762 | VUPEN:ADV-2010-1918 | URL:http://www.vupen.com/english/advisories/2010/1918	Assigned (20100521)	None (candidate not yet proposed)
41	CVE-2010-3056	Candidate	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.	MISC:http://yehg.net/lab/pr0js/advisories/phpmyadmin/%5Bphpmyadmin-3.3.5%5D_cross_site_scripting%28XSS%29 | CONFIRM:http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=625877 | DEBIAN:DSA-2097 | URL:http://www.debian.org/security/2010/dsa-2097 | FEDORA:FEDORA-2010-13249 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045991.html | FEDORA:FEDORA-2010-13258 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045997.html | MANDRIVA:MDVSA-2010:163 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:163 | MANDRIVA:MDVSA-2010:164 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:164 | BID:42584 | URL:http://www.securityfocus.com/bid/42584 | SECUNIA:41000 | URL:http://secunia.com/advisories/41000 | SECUNIA:41185 | URL:http://secunia.com/advisories/41185 | VUPEN:ADV-2010-2223 | URL:http://www.vupen.com/english/advisories/2010/2223 | VUPEN:ADV-2010-2231 | URL:http://www.vupen.com/english/advisories/2010/2231	Assigned (20100819)	None (candidate not yet proposed)
42	CVE-2010-3833	Candidate	MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."	MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:http://xforce.iss.net/xforce/xfdb/64845	Assigned (20101007)	None (candidate not yet proposed)
43	CVE-2010-3834	Candidate	Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."	MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:http://xforce.iss.net/xforce/xfdb/64844	Assigned (20101007)	None (candidate not yet proposed)
44	CVE-2010-3835	Candidate	MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.	MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:http://xforce.iss.net/xforce/xfdb/64843	Assigned (20101007)	None (candidate not yet proposed)
45	CVE-2010-3836	Candidate	MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.	CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:http://xforce.iss.net/xforce/xfdb/64842	Assigned (20101007)	None (candidate not yet proposed)
46	CVE-2010-3837	Candidate	MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.	CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:http://xforce.iss.net/xforce/xfdb/64841	Assigned (20101007)	None (candidate not yet proposed)
47	CVE-2010-3838	Candidate	MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."	MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:http://xforce.iss.net/xforce/xfdb/64840	Assigned (20101007)	None (candidate not yet proposed)
48	CVE-2010-3840	Candidate	The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.	MISC:http://lists.mysql.com/commits/117094 | CONFIRM:http://bugs.mysql.com/bug.php?id=51875 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640865 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0824 | URL:http://www.redhat.com/support/errata/RHSA-2010-0824.html | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-gislinestringinitfromwkb-dos(64838) | URL:http://xforce.iss.net/xforce/xfdb/64838	Assigned (20101007)	None (candidate not yet proposed)
49	CVE-2011-0432	Candidate	Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.	CONFIRM:http://code.google.com/p/pywebdav/updates/list | CONFIRM:http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=677718 | DEBIAN:DSA-2177 | URL:http://www.debian.org/security/2011/dsa-2177 | FEDORA:FEDORA-2011-2427 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html | FEDORA:FEDORA-2011-2460 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html | FEDORA:FEDORA-2011-2470 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html | BID:46655 | URL:http://www.securityfocus.com/bid/46655 | SECUNIA:43571 | URL:http://secunia.com/advisories/43571 | SECUNIA:43602 | URL:http://secunia.com/advisories/43602 | SECUNIA:43703 | URL:http://secunia.com/advisories/43703 | VUPEN:ADV-2011-0553 | URL:http://www.vupen.com/english/advisories/2011/0553 | VUPEN:ADV-2011-0554 | URL:http://www.vupen.com/english/advisories/2011/0554 | VUPEN:ADV-2011-0634 | URL:http://www.vupen.com/english/advisories/2011/0634	Assigned (20110112)	None (candidate not yet proposed)
50	CVE-2011-1513	Candidate	Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.	MISC:http://www.coresecurity.com/content/e107-cms-script-command-injection | CONFIRM:http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.8/install_.php?r1=11931&r2=12376&pathrev=12376 | BID:50339 | URL:http://www.securityfocus.com/bid/50339 | XF:e107-cmd-command-execution(70921) | URL:http://xforce.iss.net/xforce/xfdb/70921	Assigned (20110323)	None (candidate not yet proposed)
51	CVE-2011-2262	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20110602)	None (candidate not yet proposed)
52	CVE-2011-2688	Candidate	SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.	MLIST:[oss-security] 20110712 CVE id request: apache mod-auth-external | URL:http://www.openwall.com/lists/oss-security/2011/07/12/10 | MLIST:[oss-security] 20110712 Re: CVE id request: apache mod-auth-external | URL:http://www.openwall.com/lists/oss-security/2011/07/12/17 | MISC:http://anders.fix.no/software/#unix | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633637 | CONFIRM:http://code.google.com/p/mod-auth-external/issues/detail?id=5 | DEBIAN:DSA-2279 | URL:http://www.debian.org/security/2011/dsa-2279 | BID:48653 | URL:http://www.securityfocus.com/bid/48653 | SECUNIA:45240 | URL:http://secunia.com/advisories/45240 | XF:modauthexternal-mysqlauth-sql-injection(68799) | URL:http://xforce.iss.net/xforce/xfdb/68799	Assigned (20110711)	None (candidate not yet proposed)
53	CVE-2012-0075	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | BID:51526 | URL:http://www.securityfocus.com/bid/51526 | OSVDB:78374 | URL:http://osvdb.org/78374 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-server-cve20120075(72539) | URL:http://xforce.iss.net/xforce/xfdb/72539	Assigned (20111212)	None (candidate not yet proposed)
54	CVE-2012-0087	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | BID:51509 | URL:http://www.securityfocus.com/bid/51509 | OSVDB:78377 | URL:http://osvdb.org/78377 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-serveruns-dos(72519) | URL:http://xforce.iss.net/xforce/xfdb/72519	Assigned (20111212)	None (candidate not yet proposed)
55	CVE-2012-0101	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | OSVDB:78378 | URL:http://osvdb.org/78378 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-serveruns1-dos(72520) | URL:http://xforce.iss.net/xforce/xfdb/72520	Assigned (20111212)	None (candidate not yet proposed)
56	CVE-2012-0102	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | OSVDB:78379 | URL:http://osvdb.org/78379 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-serveruns2-dos(72521) | URL:http://xforce.iss.net/xforce/xfdb/72521	Assigned (20111212)	None (candidate not yet proposed)
57	CVE-2012-0112	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20111212)	None (candidate not yet proposed)
58	CVE-2012-0113	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20111212)	None (candidate not yet proposed)
59	CVE-2012-0114	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20111212)	None (candidate not yet proposed)
60	CVE-2012-0115	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20111212)	None (candidate not yet proposed)
61	CVE-2012-0116	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20111212)	None (candidate not yet proposed)
62	CVE-2012-0117	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20111212)	None (candidate not yet proposed)
63	CVE-2012-0118	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20111212)	None (candidate not yet proposed)
64	CVE-2012-0119	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20111212)	None (candidate not yet proposed)
65	CVE-2012-0120	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20111212)	None (candidate not yet proposed)
66	CVE-2012-0484	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | BID:51515 | URL:http://www.securityfocus.com/bid/51515 | OSVDB:78372 | URL:http://osvdb.org/78372 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-server-info-disc(72525) | URL:http://xforce.iss.net/xforce/xfdb/72525	Assigned (20120111)	None (candidate not yet proposed)
67	CVE-2012-0485	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:51513 | URL:http://www.securityfocus.com/bid/51513 | OSVDB:78383 | URL:http://osvdb.org/78383 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-serveruns4-dos(72526) | URL:http://xforce.iss.net/xforce/xfdb/72526	Assigned (20120111)	None (candidate not yet proposed)
68	CVE-2012-0486	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:51514 | URL:http://www.securityfocus.com/bid/51514 | OSVDB:78384 | URL:http://osvdb.org/78384 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-serveruns5-dos(72527) | URL:http://xforce.iss.net/xforce/xfdb/72527	Assigned (20120111)	None (candidate not yet proposed)
69	CVE-2012-0487	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:51503 | URL:http://www.securityfocus.com/bid/51503 | OSVDB:78385 | URL:http://osvdb.org/78385 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-serveruns6-dos(72528) | URL:http://xforce.iss.net/xforce/xfdb/72528	Assigned (20120111)	None (candidate not yet proposed)
70	CVE-2012-0488	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:51506 | URL:http://www.securityfocus.com/bid/51506 | OSVDB:78386 | URL:http://osvdb.org/78386 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-serveruns7-dos(72529) | URL:http://xforce.iss.net/xforce/xfdb/72529	Assigned (20120111)	None (candidate not yet proposed)
71	CVE-2012-0489	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:51510 | URL:http://www.securityfocus.com/bid/51510 | OSVDB:78387 | URL:http://osvdb.org/78387 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-serveruns8-dos(72530) | URL:http://xforce.iss.net/xforce/xfdb/72530	Assigned (20120111)	None (candidate not yet proposed)
72	CVE-2012-0490	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | BID:51524 | URL:http://www.securityfocus.com/bid/51524 | OSVDB:78388 | URL:http://osvdb.org/78388 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-serveruns9-dos(72531) | URL:http://xforce.iss.net/xforce/xfdb/72531	Assigned (20120111)	None (candidate not yet proposed)
73	CVE-2012-0491	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0493, and CVE-2012-0495.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:51518 | URL:http://www.securityfocus.com/bid/51518 | OSVDB:78389 | URL:http://osvdb.org/78389 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-serveruns10-dos(72532) | URL:http://xforce.iss.net/xforce/xfdb/72532	Assigned (20120111)	None (candidate not yet proposed)
74	CVE-2012-0492	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:51516 | URL:http://www.securityfocus.com/bid/51516 | OSVDB:78393 | URL:http://osvdb.org/78393 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-serveruns14-dos(72537) | URL:http://xforce.iss.net/xforce/xfdb/72537	Assigned (20120111)	None (candidate not yet proposed)
75	CVE-2012-0493	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | OSVDB:78394 | URL:http://osvdb.org/78394 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-serveruns15-dos(72538) | URL:http://xforce.iss.net/xforce/xfdb/72538	Assigned (20120111)	None (candidate not yet proposed)
76	CVE-2012-0494	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | OSVDB:78375 | URL:http://osvdb.org/78375 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-serveruns16-dos(72540) | URL:http://xforce.iss.net/xforce/xfdb/72540	Assigned (20120111)	None (candidate not yet proposed)
77	CVE-2012-0495	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0493.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | OSVDB:78390 | URL:http://osvdb.org/78390 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-serveruns11-dos(72533) | URL:http://xforce.iss.net/xforce/xfdb/72533	Assigned (20120111)	None (candidate not yet proposed)
78	CVE-2012-0496	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | OSVDB:78371 | URL:http://osvdb.org/78371 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-server-cve20120496(72518) | URL:http://xforce.iss.net/xforce/xfdb/72518	Assigned (20120111)	None (candidate not yet proposed)
79	CVE-2012-0540	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54551 | URL:http://www.securityfocus.com/bid/54551 | OSVDB:83976 | URL:http://osvdb.org/83976 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:http://xforce.iss.net/xforce/xfdb/77061	Assigned (20120111)	None (candidate not yet proposed)
80	CVE-2012-0572	Candidate	Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16792 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16792 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20120111)	None (candidate not yet proposed)
81	CVE-2012-0574	Candidate	Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | HP:HPSBUX02824 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | HP:SSRT100970 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17266 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17266 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20120111)	None (candidate not yet proposed)
82	CVE-2012-0578	Candidate	Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16947 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16947 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20120111)	None (candidate not yet proposed)
83	CVE-2012-0583	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53061 | URL:http://www.securityfocus.com/bid/53061 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20120111)	None (candidate not yet proposed)
84	CVE-2012-0937	Candidate	** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time.	BUGTRAQ:20120124 TWSL2012-002: Multiple Vulnerabilities in WordPress | URL:http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html | EXPLOIT-DB:18417 | URL:http://www.exploit-db.com/exploits/18417 | MISC:https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt	Assigned (20120130)	None (candidate not yet proposed)
85	CVE-2012-1688	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53067 | URL:http://www.securityfocus.com/bid/53067 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20120316)	None (candidate not yet proposed)
86	CVE-2012-1689	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54547 | URL:http://www.securityfocus.com/bid/54547 | OSVDB:83980 | URL:http://osvdb.org/83980 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-optimizer-dos(77065) | URL:http://xforce.iss.net/xforce/xfdb/77065	Assigned (20120316)	None (candidate not yet proposed)
87	CVE-2012-1690	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53074 | URL:http://www.securityfocus.com/bid/53074 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20120316)	None (candidate not yet proposed)
88	CVE-2012-1696	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53071 | URL:http://www.securityfocus.com/bid/53071 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20120316)	None (candidate not yet proposed)
89	CVE-2012-1697	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53064 | URL:http://www.securityfocus.com/bid/53064 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20120316)	None (candidate not yet proposed)
90	CVE-2012-1702	Candidate	Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17186 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17186 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20120316)	None (candidate not yet proposed)
91	CVE-2012-1703	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53058 | URL:http://www.securityfocus.com/bid/53058 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20120316)	None (candidate not yet proposed)
92	CVE-2012-1705	Candidate	Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17268 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17268 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20120316)	None (candidate not yet proposed)
93	CVE-2012-1734	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54540 | URL:http://www.securityfocus.com/bid/54540 | OSVDB:83979 | URL:http://osvdb.org/83979 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-servopt-dos(77064) | URL:http://xforce.iss.net/xforce/xfdb/77064	Assigned (20120316)	None (candidate not yet proposed)
94	CVE-2012-1735	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54549 | URL:http://www.securityfocus.com/bid/54549 | OSVDB:83975 | URL:http://osvdb.org/83975 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-serveroptimizer-dos(77060) | URL:http://xforce.iss.net/xforce/xfdb/77060	Assigned (20120316)	None (candidate not yet proposed)
95	CVE-2012-1756	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54524 | URL:http://www.securityfocus.com/bid/54524 | OSVDB:83978 | URL:http://osvdb.org/83978 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-server1-dos(77063) | URL:http://xforce.iss.net/xforce/xfdb/77063	Assigned (20120316)	None (candidate not yet proposed)
96	CVE-2012-1757	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54526 | URL:http://www.securityfocus.com/bid/54526 | OSVDB:83977 | URL:http://osvdb.org/83977 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-innodb1-dos(77062) | URL:http://xforce.iss.net/xforce/xfdb/77062	Assigned (20120316)	None (candidate not yet proposed)
97	CVE-2012-2102	Candidate	MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.	MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20120404)	None (candidate not yet proposed)
98	CVE-2012-3144	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-server-cve20123144-dos(79387) | URL:http://xforce.iss.net/xforce/xfdb/79387	Assigned (20120606)	None (candidate not yet proposed)
99	CVE-2012-3147	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-client-cve20123147(79384) | URL:http://xforce.iss.net/xforce/xfdb/79384	Assigned (20120606)	None (candidate not yet proposed)
100	CVE-2012-3149	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-client-info-disc(79390) | URL:http://xforce.iss.net/xforce/xfdb/79390	Assigned (20120606)	None (candidate not yet proposed)
101	CVE-2012-3150	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-opt-dos(79388) | URL:http://xforce.iss.net/xforce/xfdb/79388	Assigned (20120606)	None (candidate not yet proposed)
102	CVE-2012-3156	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177	Assigned (20120606)	None (candidate not yet proposed)
103	CVE-2012-3158	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-protocol-cve20123158(79382) | URL:http://xforce.iss.net/xforce/xfdb/79382	Assigned (20120606)	None (candidate not yet proposed)
104	CVE-2012-3160	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverinstallation-info-disc(79394) | URL:http://xforce.iss.net/xforce/xfdb/79394	Assigned (20120606)	None (candidate not yet proposed)
105	CVE-2012-3163	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | CONFIRM:http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:56509 | URL:http://secunia.com/advisories/56509 | SECUNIA:56513 | URL:http://secunia.com/advisories/56513 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-informationschema-cve20123163(79381) | URL:http://xforce.iss.net/xforce/xfdb/79381	Assigned (20120606)	None (candidate not yet proposed)
106	CVE-2012-3166	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20120606)	None (candidate not yet proposed)
107	CVE-2012-3167	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverfulltextsearch-dos(79392) | URL:http://xforce.iss.net/xforce/xfdb/79392	Assigned (20120606)	None (candidate not yet proposed)
108	CVE-2012-3173	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-innodbplugin-dos(79386) | URL:http://xforce.iss.net/xforce/xfdb/79386	Assigned (20120606)	None (candidate not yet proposed)
109	CVE-2012-3177	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-server-dos(79383) | URL:http://xforce.iss.net/xforce/xfdb/79383	Assigned (20120606)	None (candidate not yet proposed)
110	CVE-2012-3180	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-optimize-dos(79389) | URL:http://xforce.iss.net/xforce/xfdb/79389	Assigned (20120606)	None (candidate not yet proposed)
111	CVE-2012-3197	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverreplication-dos(79393) | URL:http://xforce.iss.net/xforce/xfdb/79393	Assigned (20120606)	None (candidate not yet proposed)
112	CVE-2012-4414	Candidate	Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.	MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498	Assigned (20120821)	None (candidate not yet proposed)
113	CVE-2012-5060	Candidate	Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20120921)	None (candidate not yet proposed)
114	CVE-2012-5096	Candidate	Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16877 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16877 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20120922)	None (candidate not yet proposed)
115	CVE-2012-5383	Candidate	** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation.	MISC:https://www.htbridge.com/advisory/HTB23108 | OSVDB:86175 | URL:http://osvdb.org/86175	Assigned (20121011)	None (candidate not yet proposed)
116	CVE-2013-0367	Candidate	Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17077 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17077 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20121207)	None (candidate not yet proposed)
117	CVE-2013-0368	Candidate	Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17255 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17255 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20121207)	None (candidate not yet proposed)
118	CVE-2013-0371	Candidate	Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16451 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16451 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20121207)	None (candidate not yet proposed)
119	CVE-2013-0375	Candidate	Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17175 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17175 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20121207)	None (candidate not yet proposed)
120	CVE-2013-0383	Candidate	Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16758 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16758 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20121207)	None (candidate not yet proposed)
121	CVE-2013-0384	Candidate	Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16632 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16632 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20121207)	None (candidate not yet proposed)
122	CVE-2013-0385	Candidate	Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16267 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16267 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20121207)	None (candidate not yet proposed)
123	CVE-2013-0386	Candidate	Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16835 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16835 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20121207)	None (candidate not yet proposed)
124	CVE-2013-0389	Candidate	Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16825 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16825 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20121207)	None (candidate not yet proposed)
125	CVE-2013-1502	Candidate	Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20130130)	None (candidate not yet proposed)
126	CVE-2013-1506	Candidate	Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20130130)	None (candidate not yet proposed)
127	CVE-2013-1521	Candidate	Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20130130)	None (candidate not yet proposed)
128	CVE-2013-1523	Candidate	Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20130130)	None (candidate not yet proposed)
129	CVE-2013-1526	Candidate	Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20130130)	None (candidate not yet proposed)
130	CVE-2013-1531	Candidate	Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20130130)	None (candidate not yet proposed)
131	CVE-2013-1548	Candidate	Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20130130)	None (candidate not yet proposed)
132	CVE-2013-1555	Candidate	Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20130130)	None (candidate not yet proposed)
133	CVE-2013-1861	Candidate	MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.	MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895	Assigned (20130219)	None (candidate not yet proposed)
134	CVE-2013-2162	Candidate	Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.	MLIST:[oss-security] 20130608 Re: CVE request: Debian's package "mysql-server" leaks credential information | URL:http://seclists.org/oss-sec/2013/q2/528 | MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | UBUNTU:USN-1909-1 | URL:http://ubuntu.com/usn/usn-1909-1 | BID:60424 | URL:http://www.securityfocus.com/bid/60424 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300	Assigned (20130219)	None (candidate not yet proposed)
135	CVE-2013-2381	Candidate	Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20130305)	None (candidate not yet proposed)
136	CVE-2013-2391	Candidate	Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20130305)	None (candidate not yet proposed)
137	CVE-2013-2392	Candidate	Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372	Assigned (20130305)	None (candidate not yet proposed)
138	CVE-2013-3221	Candidate	The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database.	MLIST:[oss-security] 20130207 Potential Query Manipulation with Common Rails Practises | URL:http://openwall.com/lists/oss-security/2013/02/06/7 | MLIST:[rubyonrails-security] 20130207 Potential Query Manipulation with Common Rails Practises | URL:https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain | MLIST:[oss-security] 20130424 CVE-2013-3221 can also relate to Microsoft SQL Server and IBM DB2 | URL:http://openwall.com/lists/oss-security/2013/04/24/7 | MISC:http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails/ | MISC:http://www.phenoelit.org/blog/archives/2013/02/index.html | CONFIRM:https://gist.github.com/dakull/5442275	Assigned (20130421)	None (candidate not yet proposed)
139	CVE-2013-3783	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61210 | URL:http://www.securityfocus.com/bid/61210 | OSVDB:95332 | URL:http://osvdb.org/95332 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133783(85719) | URL:http://xforce.iss.net/xforce/xfdb/85719	Assigned (20130603)	None (candidate not yet proposed)
140	CVE-2013-3793	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61264 | URL:http://www.securityfocus.com/bid/61264 | OSVDB:95323 | URL:http://osvdb.org/95323 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133793(85710) | URL:http://xforce.iss.net/xforce/xfdb/85710	Assigned (20130603)	None (candidate not yet proposed)
141	CVE-2013-3794	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61222 | URL:http://www.securityfocus.com/bid/61222 | OSVDB:95333 | URL:http://osvdb.org/95333	Assigned (20130603)	None (candidate not yet proposed)
142	CVE-2013-3795	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61241 | URL:http://www.securityfocus.com/bid/61241 | OSVDB:95324 | URL:http://osvdb.org/95324	Assigned (20130603)	None (candidate not yet proposed)
143	CVE-2013-3796	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61233 | URL:http://www.securityfocus.com/bid/61233 | OSVDB:95329 | URL:http://osvdb.org/95329	Assigned (20130603)	None (candidate not yet proposed)
144	CVE-2013-3798	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61274 | URL:http://www.securityfocus.com/bid/61274 | OSVDB:95321 | URL:http://osvdb.org/95321	Assigned (20130603)	None (candidate not yet proposed)
145	CVE-2013-3801	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61269 | URL:http://www.securityfocus.com/bid/61269 | OSVDB:95331 | URL:http://osvdb.org/95331	Assigned (20130603)	None (candidate not yet proposed)
146	CVE-2013-3802	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:http://xforce.iss.net/xforce/xfdb/85712	Assigned (20130603)	None (candidate not yet proposed)
147	CVE-2013-3804	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:http://xforce.iss.net/xforce/xfdb/85715	Assigned (20130603)	None (candidate not yet proposed)
148	CVE-2013-3805	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95327 | URL:http://osvdb.org/95327	Assigned (20130603)	None (candidate not yet proposed)
149	CVE-2013-3806	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95326 | URL:http://osvdb.org/95326 | XF:oracle-cpujuly2013-cve20133806(85713) | URL:http://xforce.iss.net/xforce/xfdb/85713	Assigned (20130603)	None (candidate not yet proposed)
150	CVE-2013-3807	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95334 | URL:http://osvdb.org/95334 | XF:oracle-cpujuly2013-cve20133807(85721) | URL:http://xforce.iss.net/xforce/xfdb/85721	Assigned (20130603)	None (candidate not yet proposed)
151	CVE-2013-3808	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:http://xforce.iss.net/xforce/xfdb/85717	Assigned (20130603)	None (candidate not yet proposed)
152	CVE-2013-3809	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95322 | URL:http://osvdb.org/95322 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133809(85709) | URL:http://xforce.iss.net/xforce/xfdb/85709	Assigned (20130603)	None (candidate not yet proposed)
153	CVE-2013-3810	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95337 | URL:http://osvdb.org/95337 | XF:oracle-cpujuly2013-cve20133810(85724) | URL:http://xforce.iss.net/xforce/xfdb/85724	Assigned (20130603)	None (candidate not yet proposed)
154	CVE-2013-3811	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95335 | URL:http://osvdb.org/95335 | XF:oracle-cpujuly2013-cve20133811(85722) | URL:http://xforce.iss.net/xforce/xfdb/85722	Assigned (20130603)	None (candidate not yet proposed)
155	CVE-2013-3812	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:http://xforce.iss.net/xforce/xfdb/85723	Assigned (20130603)	None (candidate not yet proposed)
156	CVE-2013-3839	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291	Assigned (20130603)	None (candidate not yet proposed)
157	CVE-2013-5767	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184	Assigned (20130918)	None (candidate not yet proposed)
158	CVE-2013-5770	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184	Assigned (20130918)	None (candidate not yet proposed)
159	CVE-2013-5786	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184	Assigned (20130918)	None (candidate not yet proposed)
160	CVE-2013-5793	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184	Assigned (20130918)	None (candidate not yet proposed)
161	CVE-2013-5807	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184	Assigned (20130918)	None (candidate not yet proposed)
162	CVE-2013-5860	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64864 | URL:http://www.securityfocus.com/bid/64864 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135860(90373) | URL:http://xforce.iss.net/xforce/xfdb/90373	Assigned (20130918)	None (candidate not yet proposed)
163	CVE-2013-5881	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64885 | URL:http://www.securityfocus.com/bid/64885 | OSVDB:102066 | URL:http://osvdb.org/102066 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135881(90377) | URL:http://xforce.iss.net/xforce/xfdb/90377	Assigned (20130918)	None (candidate not yet proposed)
164	CVE-2013-5882	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64854 | URL:http://www.securityfocus.com/bid/64854 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135882(90374) | URL:http://xforce.iss.net/xforce/xfdb/90374	Assigned (20130918)	None (candidate not yet proposed)
165	CVE-2013-5891	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | OSVDB:102070 | URL:http://osvdb.org/102070 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580	Assigned (20130918)	None (candidate not yet proposed)
166	CVE-2013-5894	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64873 | URL:http://www.securityfocus.com/bid/64873 | OSVDB:102065 | URL:http://osvdb.org/102065 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135894(90376) | URL:http://xforce.iss.net/xforce/xfdb/90376	Assigned (20130918)	None (candidate not yet proposed)
167	CVE-2013-5908	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389	Assigned (20130918)	None (candidate not yet proposed)
168	CVE-2014-0001	Candidate	Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.	CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714	Assigned (20131203)	None (candidate not yet proposed)
169	CVE-2014-0224	Candidate	OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.	BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://ccsinjection.lepidum.co.jp | MISC:https://www.imperialviolet.org/2014/06/05/earlyccs.html | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.openssl.org/news/secadv_20140605.txt | CONFIRM:https://access.redhat.com/site/blogs/766093/posts/908133 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1103586 | CONFIRM:https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441 | CONFIRM:https://kb.bluecoat.com/index?page=content&id=SA80 | CONFIRM:http://www.kerio.com/support/kerio-control/release-history | CONFIRM:http://esupport.trendmicro.com/solution/en-US/1103813.aspx | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676035 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676062 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676419 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676496 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676655 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676845 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677390 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg24037761 | CONFIRM:http://www.blackberry.com/btsc/KB36051 | CONFIRM:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm | CONFIRM:http://www.novell.com/support/kb/doc.php?id=7015264 | CONFIRM:http://www.novell.com/support/kb/doc.php?id=7015300 | CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E | CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E | CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10075 | CONFIRM:http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21673137 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677828 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677527 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677695 | CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740 | CONFIRM:https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf | CONFIRM:https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21677567 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21678167 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21678289 | CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737 | CONFIRM:http://www.splunk.com/view/SP-CAAAM2D | CONFIRM:http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download | CONFIRM:https://discussions.nessus.org/thread/7517 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg400001841 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg400001843 | CONFIRM:http://www.fortiguard.com/advisory/FG-IR-14-018/ | CONFIRM:https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues | CONFIRM:https://filezilla-project.org/versions.php?type=server | CONFIRM:http://puppetlabs.com/security/cve/cve-2014-0224 | CONFIRM:http://linux.oracle.com/errata/ELSA-2014-1053.html | CONFIRM:http://support.apple.com/kb/HT6443 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 | CISCO:20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products | URL:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl | HP:HPSBMU03070 | URL:http://marc.info/?l=bugtraq&m=140499864129699&w=2 | HP:HPSBMU03053 | URL:http://marc.info/?l=bugtraq&m=140369637402535&w=2 | HP:HPSBMU03058 | URL:http://marc.info/?l=bugtraq&m=140386311427810&w=2 | HP:HPSBHF03145 | URL:http://marc.info/?l=bugtraq&m=141383465822787&w=2 | HP:HPSBMU03083 | URL:http://marc.info/?l=bugtraq&m=140983229106599&w=2 | HP:HPSBPI03107 | URL:http://marc.info/?l=bugtraq&m=141147110427269&w=2 | HP:HPSBST03097 | URL:http://marc.info/?l=bugtraq&m=141383410222440&w=2 | HP:HPSBST03103 | URL:http://marc.info/?l=bugtraq&m=141164638606214&w=2 | HP:HPSBST03106 | URL:http://marc.info/?l=bugtraq&m=141025641601169&w=2 | HP:HPSBST03265 | URL:http://marc.info/?l=bugtraq&m=142546741516006&w=2 | HP:HPSBMU03216 | URL:http://marc.info/?l=bugtraq&m=142350350616251&w=2 | HP:SSRT101818 | URL:http://marc.info/?l=bugtraq&m=142350350616251&w=2 | HP:HPSBST03195 | URL:http://marc.info/?l=bugtraq&m=142805027510172&w=2 | MANDRIVA:MDVSA-2015:062 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 | REDHAT:RHSA-2014:0624 | URL:http://rhn.redhat.com/errata/RHSA-2014-0624.html | REDHAT:RHSA-2014:0626 | URL:http://rhn.redhat.com/errata/RHSA-2014-0626.html | REDHAT:RHSA-2014:0627 | URL:http://rhn.redhat.com/errata/RHSA-2014-0627.html | REDHAT:RHSA-2014:0630 | URL:http://rhn.redhat.com/errata/RHSA-2014-0630.html | REDHAT:RHSA-2014:0631 | URL:http://rhn.redhat.com/errata/RHSA-2014-0631.html | REDHAT:RHSA-2014:0632 | URL:http://rhn.redhat.com/errata/RHSA-2014-0632.html | REDHAT:RHSA-2014:0633 | URL:http://rhn.redhat.com/errata/RHSA-2014-0633.html | REDHAT:RHSA-2014:0680 | URL:http://rhn.redhat.com/errata/RHSA-2014-0680.html | SUSE:openSUSE-SU-2015:0229 | URL:http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html | SUSE:SUSE-SU-2015:0578 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html | CERT-VN:VU#978508 | URL:http://www.kb.cert.org/vuls/id/978508 | SECTRACK:1031032 | URL:http://www.securitytracker.com/id/1031032 | SECTRACK:1031594 | URL:http://www.securitytracker.com/id/1031594 | SECUNIA:58579 | URL:http://secunia.com/advisories/58579 | SECUNIA:59191 | URL:http://secunia.com/advisories/59191 | SECUNIA:58128 | URL:http://secunia.com/advisories/58128 | SECUNIA:58385 | URL:http://secunia.com/advisories/58385 | SECUNIA:58939 | URL:http://secunia.com/advisories/58939 | SECUNIA:59043 | URL:http://secunia.com/advisories/59043 | SECUNIA:59055 | URL:http://secunia.com/advisories/59055 | SECUNIA:59063 | URL:http://secunia.com/advisories/59063 | SECUNIA:59120 | URL:http://secunia.com/advisories/59120 | SECUNIA:59126 | URL:http://secunia.com/advisories/59126 | SECUNIA:59162 | URL:http://secunia.com/advisories/59162 | SECUNIA:59300 | URL:http://secunia.com/advisories/59300 | SECUNIA:59383 | URL:http://secunia.com/advisories/59383 | SECUNIA:59438 | URL:http://secunia.com/advisories/59438 | SECUNIA:59442 | URL:http://secunia.com/advisories/59442 | SECUNIA:59450 | URL:http://secunia.com/advisories/59450 | SECUNIA:59491 | URL:http://secunia.com/advisories/59491 | SECUNIA:59495 | URL:http://secunia.com/advisories/59495 | SECUNIA:59514 | URL:http://secunia.com/advisories/59514 | SECUNIA:59528 | URL:http://secunia.com/advisories/59528 | SECUNIA:59490 | URL:http://secunia.com/advisories/59490 | SECUNIA:59655 | URL:http://secunia.com/advisories/59655 | SECUNIA:59721 | URL:http://secunia.com/advisories/59721 | SECUNIA:59827 | URL:http://secunia.com/advisories/59827 | SECUNIA:58930 | URL:http://secunia.com/advisories/58930 | SECUNIA:59413 | URL:http://secunia.com/advisories/59413 | SECUNIA:59602 | URL:http://secunia.com/advisories/59602 | SECUNIA:59669 | URL:http://secunia.com/advisories/59669 | SECUNIA:58639 | URL:http://secunia.com/advisories/58639 | SECUNIA:58759 | URL:http://secunia.com/advisories/58759 | SECUNIA:59012 | URL:http://secunia.com/advisories/59012 | SECUNIA:59301 | URL:http://secunia.com/advisories/59301 | SECUNIA:59370 | URL:http://secunia.com/advisories/59370 | SECUNIA:59659 | URL:http://secunia.com/advisories/59659 | SECUNIA:59666 | URL:http://secunia.com/advisories/59666 | SECUNIA:59824 | URL:http://secunia.com/advisories/59824 | SECUNIA:58745 | URL:http://secunia.com/advisories/58745 | SECUNIA:59459 | URL:http://secunia.com/advisories/59459 | SECUNIA:59885 | URL:http://secunia.com/advisories/59885 | SECUNIA:59342 | URL:http://secunia.com/advisories/59342 | SECUNIA:59451 | URL:http://secunia.com/advisories/59451 | SECUNIA:59894 | URL:http://secunia.com/advisories/59894 | SECUNIA:59916 | URL:http://secunia.com/advisories/59916 | SECUNIA:60049 | URL:http://secunia.com/advisories/60049 | SECUNIA:58743 | URL:http://secunia.com/advisories/58743 | SECUNIA:59325 | URL:http://secunia.com/advisories/59325 | SECUNIA:59354 | URL:http://secunia.com/advisories/59354 | SECUNIA:59506 | URL:http://secunia.com/advisories/59506 | SECUNIA:59530 | URL:http://secunia.com/advisories/59530 | SECUNIA:59589 | URL:http://secunia.com/advisories/59589 | SECUNIA:60066 | URL:http://secunia.com/advisories/60066 | SECUNIA:59784 | URL:http://secunia.com/advisories/59784 | SECUNIA:59878 | URL:http://secunia.com/advisories/59878 | SECUNIA:59990 | URL:http://secunia.com/advisories/59990 | SECUNIA:60176 | URL:http://secunia.com/advisories/60176 | SECUNIA:60522 | URL:http://secunia.com/advisories/60522 | SECUNIA:60567 | URL:http://secunia.com/advisories/60567 | SECUNIA:60571 | URL:http://secunia.com/advisories/60571 | SECUNIA:60577 | URL:http://secunia.com/advisories/60577 | SECUNIA:60819 | URL:http://secunia.com/advisories/60819 | SECUNIA:61815 | URL:http://secunia.com/advisories/61815	Assigned (20131203)	None (candidate not yet proposed)
170	CVE-2014-0384	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html	Assigned (20131212)	None (candidate not yet proposed)
171	CVE-2014-0386	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380	Assigned (20131212)	None (candidate not yet proposed)
172	CVE-2014-0393	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:http://xforce.iss.net/xforce/xfdb/90386	Assigned (20131212)	None (candidate not yet proposed)
173	CVE-2014-0401	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:http://xforce.iss.net/xforce/xfdb/90382	Assigned (20131212)	None (candidate not yet proposed)
174	CVE-2014-0402	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:http://xforce.iss.net/xforce/xfdb/90379	Assigned (20131212)	None (candidate not yet proposed)
175	CVE-2014-0412	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:http://xforce.iss.net/xforce/xfdb/90378	Assigned (20131212)	None (candidate not yet proposed)
176	CVE-2014-0420	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:http://xforce.iss.net/xforce/xfdb/90388	Assigned (20131212)	None (candidate not yet proposed)
177	CVE-2014-0427	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64868 | URL:http://www.securityfocus.com/bid/64868 | OSVDB:102072 | URL:http://osvdb.org/102072 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140427(90383) | URL:http://xforce.iss.net/xforce/xfdb/90383	Assigned (20131212)	None (candidate not yet proposed)
178	CVE-2014-0430	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64893 | URL:http://www.securityfocus.com/bid/64893 | OSVDB:102076 | URL:http://osvdb.org/102076 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140430(90387) | URL:http://xforce.iss.net/xforce/xfdb/90387	Assigned (20131212)	None (candidate not yet proposed)
179	CVE-2014-0431	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64897 | URL:http://www.securityfocus.com/bid/64897 | OSVDB:102073 | URL:http://osvdb.org/102073 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140431(90384) | URL:http://xforce.iss.net/xforce/xfdb/90384	Assigned (20131212)	None (candidate not yet proposed)
180	CVE-2014-0433	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64895 | URL:http://www.securityfocus.com/bid/64895 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140433(90375) | URL:http://xforce.iss.net/xforce/xfdb/90375	Assigned (20131212)	None (candidate not yet proposed)
181	CVE-2014-0437	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:http://xforce.iss.net/xforce/xfdb/90385	Assigned (20131212)	None (candidate not yet proposed)
182	CVE-2014-2419	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | BID:66880 | URL:http://www.securityfocus.com/bid/66880	Assigned (20140313)	None (candidate not yet proposed)
183	CVE-2014-2430	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | BID:66858 | URL:http://www.securityfocus.com/bid/66858	Assigned (20140313)	None (candidate not yet proposed)
184	CVE-2014-2431	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | BID:66890 | URL:http://www.securityfocus.com/bid/66890	Assigned (20140313)	None (candidate not yet proposed)
185	CVE-2014-2432	Candidate	Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | BID:66875 | URL:http://www.securityfocus.com/bid/66875	Assigned (20140313)	None (candidate not yet proposed)
186	CVE-2014-2434	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | BID:66872 | URL:http://www.securityfocus.com/bid/66872	Assigned (20140313)	None (candidate not yet proposed)
187	CVE-2014-2435	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | BID:66853 | URL:http://www.securityfocus.com/bid/66853	Assigned (20140313)	None (candidate not yet proposed)
188	CVE-2014-2436	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | BID:66896 | URL:http://www.securityfocus.com/bid/66896	Assigned (20140313)	None (candidate not yet proposed)
189	CVE-2014-2438	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | BID:66846 | URL:http://www.securityfocus.com/bid/66846	Assigned (20140313)	None (candidate not yet proposed)
190	CVE-2014-2442	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html	Assigned (20140313)	None (candidate not yet proposed)
191	CVE-2014-2444	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html	Assigned (20140313)	None (candidate not yet proposed)
192	CVE-2014-2450	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html	Assigned (20140313)	None (candidate not yet proposed)
193	CVE-2014-2451	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html	Assigned (20140313)	None (candidate not yet proposed)
194	CVE-2014-2484	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS.	BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html	Assigned (20140313)	None (candidate not yet proposed)
195	CVE-2014-2494	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.	BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html	Assigned (20140313)	None (candidate not yet proposed)
196	CVE-2014-4207	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.	BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68593 | URL:http://www.securityfocus.com/bid/68593 | XF:oracle-cpujul2014-cve20144207(94624) | URL:http://xforce.iss.net/xforce/xfdb/94624	Assigned (20140617)	None (candidate not yet proposed)
197	CVE-2014-4214	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.	BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68607 | URL:http://www.securityfocus.com/bid/68607 | XF:oracle-cpujul2014-cve20144214(94627) | URL:http://xforce.iss.net/xforce/xfdb/94627	Assigned (20140617)	None (candidate not yet proposed)
198	CVE-2014-4233	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.	BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68598 | URL:http://www.securityfocus.com/bid/68598 | XF:oracle-cpujul2014-cve20144233(94625) | URL:http://xforce.iss.net/xforce/xfdb/94625	Assigned (20140617)	None (candidate not yet proposed)
199	CVE-2014-4238	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.	BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68587 | URL:http://www.securityfocus.com/bid/68587 | XF:oracle-cpujul2014-cve20144238(94623) | URL:http://xforce.iss.net/xforce/xfdb/94623	Assigned (20140617)	None (candidate not yet proposed)
200	CVE-2014-4240	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.	BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68602 | URL:http://www.securityfocus.com/bid/68602 | XF:oracle-cpujul2014-cve20144240(94626) | URL:http://xforce.iss.net/xforce/xfdb/94626	Assigned (20140617)	None (candidate not yet proposed)
201	CVE-2014-4243	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.	BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | XF:oracle-cpujul2014-cve20144243(94628) | URL:http://xforce.iss.net/xforce/xfdb/94628	Assigned (20140617)	None (candidate not yet proposed)
202	CVE-2014-4258	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.	BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | XF:oracle-cpujul2014-cve20144258(94620) | URL:http://xforce.iss.net/xforce/xfdb/94620	Assigned (20140617)	None (candidate not yet proposed)
203	CVE-2014-4260	Candidate	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.	BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | XF:oracle-cpujul2014-cve20144260(94621) | URL:http://xforce.iss.net/xforce/xfdb/94621	Assigned (20140617)	None (candidate not yet proposed)
204	CVE-2014-4274	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | BID:69732 | URL:http://www.securityfocus.com/bid/69732	Assigned (20140617)	None (candidate not yet proposed)
205	CVE-2014-4287	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | BID:70517 | URL:http://www.securityfocus.com/bid/70517	Assigned (20140617)	None (candidate not yet proposed)
206	CVE-2014-4987	Candidate	server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.	CONFIRM:http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php | CONFIRM:https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5 | SUSE:openSUSE-SU-2014:1069 | URL:http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html | SECUNIA:60397 | URL:http://secunia.com/advisories/60397	Assigned (20140716)	None (candidate not yet proposed)
207	CVE-2014-6463	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | BID:70532 | URL:http://www.securityfocus.com/bid/70532	Assigned (20140917)	None (candidate not yet proposed)
208	CVE-2014-6464	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70451 | URL:http://www.securityfocus.com/bid/70451 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073	Assigned (20140917)	None (candidate not yet proposed)
209	CVE-2014-6469	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70446 | URL:http://www.securityfocus.com/bid/70446 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073	Assigned (20140917)	None (candidate not yet proposed)
210	CVE-2014-6474	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html	Assigned (20140917)	None (candidate not yet proposed)
211	CVE-2014-6478	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | BID:70489 | URL:http://www.securityfocus.com/bid/70489	Assigned (20140917)	None (candidate not yet proposed)
212	CVE-2014-6484	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | BID:70455 | URL:http://www.securityfocus.com/bid/70455	Assigned (20140917)	None (candidate not yet proposed)
213	CVE-2014-6489	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | BID:70525 | URL:http://www.securityfocus.com/bid/70525	Assigned (20140917)	None (candidate not yet proposed)
214	CVE-2014-6491	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70444 | URL:http://www.securityfocus.com/bid/70444 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073	Assigned (20140917)	None (candidate not yet proposed)
215	CVE-2014-6494	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70497 | URL:http://www.securityfocus.com/bid/70497 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073	Assigned (20140917)	None (candidate not yet proposed)
216	CVE-2014-6495	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | BID:70496 | URL:http://www.securityfocus.com/bid/70496	Assigned (20140917)	None (candidate not yet proposed)
217	CVE-2014-6496	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70469 | URL:http://www.securityfocus.com/bid/70469 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073	Assigned (20140917)	None (candidate not yet proposed)
218	CVE-2014-6500	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70478 | URL:http://www.securityfocus.com/bid/70478 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073	Assigned (20140917)	None (candidate not yet proposed)
219	CVE-2014-6505	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | BID:70516 | URL:http://www.securityfocus.com/bid/70516	Assigned (20140917)	None (candidate not yet proposed)
220	CVE-2014-6507	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70550 | URL:http://www.securityfocus.com/bid/70550 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073	Assigned (20140917)	None (candidate not yet proposed)
221	CVE-2014-6520	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | BID:70510 | URL:http://www.securityfocus.com/bid/70510	Assigned (20140917)	None (candidate not yet proposed)
222	CVE-2014-6530	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | BID:70486 | URL:http://www.securityfocus.com/bid/70486	Assigned (20140917)	None (candidate not yet proposed)
223	CVE-2014-6551	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | BID:70462 | URL:http://www.securityfocus.com/bid/70462	Assigned (20140917)	None (candidate not yet proposed)
224	CVE-2014-6555	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70530 | URL:http://www.securityfocus.com/bid/70530 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073	Assigned (20140917)	None (candidate not yet proposed)
225	CVE-2014-6559	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073	Assigned (20140917)	None (candidate not yet proposed)
226	CVE-2014-6564	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | BID:70511 | URL:http://www.securityfocus.com/bid/70511	Assigned (20140917)	None (candidate not yet proposed)
227	CVE-2014-6568	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.	BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732	Assigned (20140917)	None (candidate not yet proposed)
228	CVE-2015-0374	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.	BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191	Assigned (20141217)	None (candidate not yet proposed)
229	CVE-2015-0381	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.	BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185	Assigned (20141217)	None (candidate not yet proposed)
230	CVE-2015-0382	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.	BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184	Assigned (20141217)	None (candidate not yet proposed)
231	CVE-2015-0385	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.	BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | BID:72229 | URL:http://www.securityfocus.com/bid/72229 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150385(100190) | URL:http://xforce.iss.net/xforce/xfdb/100190	Assigned (20141217)	None (candidate not yet proposed)
232	CVE-2015-0391	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.	BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186	Assigned (20141217)	None (candidate not yet proposed)
233	CVE-2015-0405	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20141217)	None (candidate not yet proposed)
234	CVE-2015-0409	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.	BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150409(100188) | URL:http://xforce.iss.net/xforce/xfdb/100188	Assigned (20141217)	None (candidate not yet proposed)
235	CVE-2015-0411	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.	BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183	Assigned (20141217)	None (candidate not yet proposed)
236	CVE-2015-0423	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20141217)	None (candidate not yet proposed)
237	CVE-2015-0432	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.	BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150432(100187) | URL:http://xforce.iss.net/xforce/xfdb/100187	Assigned (20141217)	None (candidate not yet proposed)
238	CVE-2015-0433	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20141217)	None (candidate not yet proposed)
239	CVE-2015-0438	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20141217)	None (candidate not yet proposed)
240	CVE-2015-0439	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20141217)	None (candidate not yet proposed)
241	CVE-2015-0441	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20141217)	None (candidate not yet proposed)
242	CVE-2015-0498	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20141217)	None (candidate not yet proposed)
243	CVE-2015-0499	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20141217)	None (candidate not yet proposed)
244	CVE-2015-0500	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20141217)	None (candidate not yet proposed)
245	CVE-2015-0501	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20141217)	None (candidate not yet proposed)
246	CVE-2015-0503	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20141217)	None (candidate not yet proposed)
247	CVE-2015-0505	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20141217)	None (candidate not yet proposed)
248	CVE-2015-0506	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20141217)	None (candidate not yet proposed)
249	CVE-2015-0507	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20141217)	None (candidate not yet proposed)
250	CVE-2015-0508	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20141217)	None (candidate not yet proposed)
251	CVE-2015-0511	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20141217)	None (candidate not yet proposed)
252	CVE-2015-2566	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20150320)	None (candidate not yet proposed)
253	CVE-2015-2567	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20150320)	None (candidate not yet proposed)
254	CVE-2015-2568	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20150320)	None (candidate not yet proposed)
255	CVE-2015-2571	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20150320)	None (candidate not yet proposed)
256	CVE-2015-2573	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html	Assigned (20150320)	None (candidate not yet proposed)
257	CVE-2015-2582	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150320)	None (candidate not yet proposed)
258	CVE-2015-2611	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150320)	None (candidate not yet proposed)
259	CVE-2015-2617	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150320)	None (candidate not yet proposed)
260	CVE-2015-2620	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150320)	None (candidate not yet proposed)
261	CVE-2015-2639	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150320)	None (candidate not yet proposed)
262	CVE-2015-2641	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150320)	None (candidate not yet proposed)
263	CVE-2015-2643	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150320)	None (candidate not yet proposed)
264	CVE-2015-2648	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150320)	None (candidate not yet proposed)
265	CVE-2015-2661	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150320)	None (candidate not yet proposed)
266	CVE-2015-4737	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150624)	None (candidate not yet proposed)
267	CVE-2015-4752	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150624)	None (candidate not yet proposed)
268	CVE-2015-4756	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html	Assigned (20150624)	None (candidate not yet proposed)
269	CVE-2015-4757	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150624)	None (candidate not yet proposed)
270	CVE-2015-4761	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150624)	None (candidate not yet proposed)
271	CVE-2015-4766	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
272	CVE-2015-4767	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150624)	None (candidate not yet proposed)
273	CVE-2015-4769	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150624)	None (candidate not yet proposed)
274	CVE-2015-4771	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150624)	None (candidate not yet proposed)
275	CVE-2015-4772	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1	Assigned (20150624)	None (candidate not yet proposed)
276	CVE-2015-4791	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
277	CVE-2015-4792	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
278	CVE-2015-4800	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
279	CVE-2015-4802	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
280	CVE-2015-4807	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
281	CVE-2015-4815	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
282	CVE-2015-4816	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
283	CVE-2015-4819	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
284	CVE-2015-4826	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
285	CVE-2015-4830	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
286	CVE-2015-4833	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
287	CVE-2015-4836	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
288	CVE-2015-4858	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
289	CVE-2015-4861	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
290	CVE-2015-4862	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
291	CVE-2015-4864	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
292	CVE-2015-4866	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
293	CVE-2015-4870	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
294	CVE-2015-4879	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
295	CVE-2015-4890	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
296	CVE-2015-4895	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
297	CVE-2015-4904	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
298	CVE-2015-4905	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
299	CVE-2015-4910	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)
300	CVE-2015-4913	Candidate	Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.	CONFIRM:http://www.oracle.com/technetwork/topics/security/alerts-086861.html	Assigned (20150624)	None (candidate not yet proposed)