ALT Linux Team

Branch c7 update on 2016-11-10

2016-11-10

ALT-BU-2016-3127-1

Branch c7 update bulletin.

ALT-PU-2016-2239-1

Package kernel-image-un-def updated to version 4.4.30-alt0.M70C.2 for branch c7 in task 171699.

Closed vulnerabilities

Published: 2016-10-17
Modified: 2024-11-21

CVE-2016-8666

The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-11-28
Modified: 2024-11-21

CVE-2016-9644

The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2017-03-27
Modified: 2024-11-21

CVE-2017-7273

The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report.

Severity: MEDIUM (6.6) Vector: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2016-2259-1

Package MySQL updated to version 5.5.53-alt0.M70C.1 for branch c7 in task 171748.

Closed vulnerabilities

Published: 2013-04-16

BDU:2014-00011

Уязвимость системы управления базами данных MySQL, позволяющая злоумышленнику, прошедшему аутентификацию, вызвать отказ в обслуживании

Severity: MEDIUM (4.0)
References:
Published: 2013-04-16

BDU:2014-00012

Уязвимость системы управления базами данных MySQL, позволяющая злоумышленнику, прошедшему аутентификацию, вызвать отказ в обслуживании

Severity: MEDIUM (4.0)
References:
Published: 2014-01-31

BDU:2014-00338

Уязвимость системы управления базами данных MySQL, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-01-31

BDU:2014-00339

Уязвимость системы управления базами данных Marida DB, позволяющая злоумышленнику вызвать отказ в обслуживании

Severity: HIGH (7.5)
References:
Published: 2014-04-15

BDU:2014-00340

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: MEDIUM (4.0)
References:
Published: 2014-04-15

BDU:2014-00341

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: MEDIUM (4.0)
References:
Published: 2014-04-15

BDU:2014-00343

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: LOW (3.5)
References:
Published: 2014-04-15

BDU:2014-00345

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: MEDIUM (4.3)
References:
Published: 2014-01-15

BDU:2014-00346

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: LOW (2.8)
References:
Published: 2014-01-15

BDU:2014-00347

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: MEDIUM (4.0)
References:
Published: 2014-01-15

BDU:2014-00348

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: MEDIUM (4.0)
References:
Published: 2014-04-15

BDU:2014-00350

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: MEDIUM (6.0)
References:
Published: 2014-04-15

BDU:2014-00351

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: LOW (2.8)
References:
Published: 2014-04-15

BDU:2014-00352

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: LOW (3.5)
References:
Published: 2014-01-15

BDU:2014-00353

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: MEDIUM (4.0)
References:
Published: 2014-04-15

BDU:2014-00354

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: LOW (2.6)
References:
Published: 2014-01-15

BDU:2014-00355

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: LOW (3.3)
References:
Published: 2014-01-15

BDU:2014-00356

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: LOW (3.5)
References:
Published: 2014-01-15

BDU:2014-00357

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: MEDIUM (4.0)
References:
Published: 2014-01-15

BDU:2014-00360

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: MEDIUM (4.0)
References:
Published: 2014-01-15

BDU:2014-00361

Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных

Severity: LOW (2.6)
References:
Published: 2015-04-16

BDU:2015-09979

Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю, прошедшим аутентификацию, нарушить доступность данных

Severity: MEDIUM (5.7)
References:
Published: 2015-04-16

BDU:2015-09981

Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0)
References:
Published: 2015-04-16

BDU:2015-09982

Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.0)
References:
Published: 2015-04-16

BDU:2015-09986

Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.0)
References:
Published: 2015-04-16

BDU:2015-09988

Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.0)
References:
Published: 2015-04-16

BDU:2015-09991

Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.0)
References:
Published: 2015-04-16

BDU:2015-09993

Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю вызвать отказ в обслуживании

Severity: LOW (3.5)
References:
Published: 2015-04-16

BDU:2015-09994

Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю вызвать отказ в обслуживании

Severity: LOW (3.5)
References:
Published: 2015-07-14

BDU:2015-11050

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю нарушить доступность защищаемой информации

Severity: MEDIUM (4.0)
References:
Published: 2015-07-14

BDU:2015-11052

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю нарушить доступность защищаемой информации

Severity: LOW (3.5)
References:
Published: 2015-10-22

BDU:2015-11831

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.5)
References:
Published: 2015-10-22

BDU:2015-11860

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю получить доступ к системе управления базами данных или выполнить произвольный код

Severity: MEDIUM (4.6)
References:
Published: 2015-10-22

BDU:2015-11868

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.0)
References:
Published: 2015-10-22

BDU:2015-11874

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю изменять данные

Severity: LOW (3.5)
References:
Published: 2015-10-22

BDU:2015-11877

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.5)
References:
Published: 2015-10-22

BDU:2015-11880

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.0)
References:
Published: 2015-10-22

BDU:2015-11898

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (2.8)
References:
Published: 2015-10-22

BDU:2015-11904

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю изменять данные

Severity: MEDIUM (4.0)
References:
Published: 2015-10-22

BDU:2015-11905

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю выполнить несанкционированное чтение данных

Severity: MEDIUM (4.0)
References:
Published: 2015-10-22

BDU:2015-11909

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю получить доступ к MySQL Server или выполнить произвольный код

Severity: HIGH (7.2)
References:
Published: 2015-10-22

BDU:2015-11911

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.0)
References:
Published: 2015-10-22

BDU:2015-11912

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.0)
References:
Published: 2015-10-22

BDU:2015-11918

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.5)
References:
Published: 2015-10-22

BDU:2015-11922

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.0)
References:
Published: 2015-10-22

BDU:2015-11930

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (1.7)
References:
Published: 2015-07-16

BDU:2015-12154

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю нарушить доступность информации

Severity: MEDIUM (4.0)
References:
Published: 2016-01-19

BDU:2016-00163

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.0)
References:
Published: 2016-01-19

BDU:2016-00166

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.8)
References:
Published: 2016-01-19

BDU:2016-00168

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.2)
References:
Published: 2016-01-19

BDU:2016-00171

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.0)
References:
Published: 2016-01-19

BDU:2016-00172

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.0)
References:
Published: 2016-01-19

BDU:2016-00173

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.5)
References:
Published: 2016-01-19

BDU:2016-00175

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать частичный отказ в обслуживании

Severity: LOW (3.5)
References:
Published: 2016-01-19

BDU:2016-00178

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю модифицировать данные

Severity: LOW (3.5)
References:
Published: 2016-01-19

BDU:2016-00180

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.5)
References:
Published: 2016-01-19

BDU:2016-00181

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (1.7)
References:
Published: 2016-01-19

BDU:2016-00184

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.0)
References:
Published: 2016-04-21

BDU:2016-01098

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Severity: LOW (3.5)
References:
Published: 2016-04-21

BDU:2016-01110

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Severity: LOW (3.5)
References:
Published: 2016-04-21

BDU:2016-01111

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Severity: MEDIUM (4.0)
References:
Published: 2016-04-21

BDU:2016-01112

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Severity: MEDIUM (4.0)
References:
Published: 2016-04-21

BDU:2016-01113

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Severity: MEDIUM (4.0)
References:
Published: 2016-04-21

BDU:2016-01114

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Severity: MEDIUM (4.0)
References:
Published: 2016-04-21

BDU:2016-01115

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Severity: MEDIUM (4.0)
References:
Published: 2016-04-21

BDU:2016-01116

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Severity: MEDIUM (4.0)
References:
Published: 2016-04-21

BDU:2016-01117

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на конфиденциальность информации

Severity: MEDIUM (4.0)
References:
Published: 2016-04-21

BDU:2016-01118

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на целостность и доступность информации

Severity: MEDIUM (4.3)
References:
Published: 2016-04-21

BDU:2016-01119

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на конфиденциальность информации

Severity: MEDIUM (4.9)
References:
Published: 2016-04-21

BDU:2016-01120

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на целостность и доступность информации

Severity: MEDIUM (4.9)
References:
Published: 2013-04-17
Modified: 2024-11-21

CVE-2013-1502

Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.

Severity: LOW (1.5)
References:
Published: 2013-04-17
Modified: 2024-11-21

CVE-2013-1511

Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Severity: LOW (3.5)
References:
Published: 2013-04-17
Modified: 2024-11-21

CVE-2013-1532

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

Severity: MEDIUM (4.0)
References:
Published: 2013-04-17
Modified: 2024-11-21

CVE-2013-1544

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.

Severity: MEDIUM (4.0)
References:
Published: 2013-03-29
Modified: 2024-11-21

CVE-2013-1861

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.

Severity: MEDIUM (5.0)
References:
Published: 2013-04-17
Modified: 2024-11-21

CVE-2013-2375

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Severity: MEDIUM (6.5)
References:
Published: 2013-04-17
Modified: 2024-11-21

CVE-2013-2376

Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.

Severity: MEDIUM (4.0)
References:
Published: 2013-04-17
Modified: 2024-11-21

CVE-2013-2391

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.

Severity: LOW (3.0)
References:
Published: 2013-04-17
Modified: 2024-11-21

CVE-2013-2392

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Severity: MEDIUM (4.0)
References:
Published: 2013-07-17
Modified: 2024-11-21

CVE-2013-3783

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.

Severity: MEDIUM (4.0)
References:
Published: 2013-07-17
Modified: 2024-11-21

CVE-2013-3793

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.

Severity: MEDIUM (4.0)
References:
Published: 2013-07-17
Modified: 2024-11-21

CVE-2013-3794

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

Severity: MEDIUM (4.0)
References:
Published: 2013-07-17
Modified: 2024-11-21

CVE-2013-3801

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

Severity: MEDIUM (5.0)
References:
Published: 2013-07-17
Modified: 2024-11-21

CVE-2013-3802

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.

Severity: MEDIUM (4.0)
References:
Published: 2013-07-17
Modified: 2024-11-21

CVE-2013-3804

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Severity: MEDIUM (4.0)
References:
Published: 2013-07-17
Modified: 2024-11-21

CVE-2013-3805

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.

Severity: MEDIUM (4.0)
References:
Published: 2013-07-17
Modified: 2024-11-21

CVE-2013-3808

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

Severity: MEDIUM (4.0)
References:
Published: 2013-07-17
Modified: 2024-11-21

CVE-2013-3809

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.

Severity: MEDIUM (4.0)
References:
Published: 2013-07-17
Modified: 2024-11-21

CVE-2013-3812

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

Severity: LOW (3.5)
References:
Published: 2013-10-16
Modified: 2024-11-21

CVE-2013-3839

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Severity: MEDIUM (4.0)
References:
Published: 2013-10-16
Modified: 2024-11-21

CVE-2013-5807

Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.

Severity: MEDIUM (4.9)
References:
Published: 2014-01-15
Modified: 2024-11-21

CVE-2013-5891

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

Severity: MEDIUM (4.0)
References:
Published: 2014-01-15
Modified: 2024-11-21

CVE-2013-5908

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.

Severity: LOW (2.6)
References:
Published: 2014-02-01
Modified: 2024-11-21

CVE-2014-0001

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

Severity: HIGH (7.5)
References:
Published: 2014-04-16
Modified: 2024-11-21

CVE-2014-0384

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.

Severity: MEDIUM (4.0)
References:
Published: 2014-01-15
Modified: 2024-11-21

CVE-2014-0386

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Severity: MEDIUM (4.0)
References:
Published: 2014-01-15
Modified: 2024-11-21

CVE-2014-0393

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.

Severity: LOW (3.3)
References:
Published: 2014-01-15
Modified: 2024-11-21

CVE-2014-0401

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

Severity: MEDIUM (4.0)
References:
Published: 2014-01-15
Modified: 2024-11-21

CVE-2014-0402

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

Severity: MEDIUM (4.0)
References:
Published: 2014-01-15
Modified: 2024-11-21

CVE-2014-0412

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Severity: MEDIUM (4.0)
References:
Published: 2014-01-15
Modified: 2024-11-21

CVE-2014-0420

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.

Severity: LOW (2.8)
References:
Published: 2014-01-15
Modified: 2024-11-21

CVE-2014-0437

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Severity: LOW (3.5)
References:
Published: 2014-04-16
Modified: 2024-11-21

CVE-2014-2419

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

Severity: MEDIUM (4.0)
References:
Published: 2014-04-16
Modified: 2024-11-21

CVE-2014-2430

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.

Severity: LOW (3.5)
References:
Published: 2014-04-16
Modified: 2024-11-21

CVE-2014-2431

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.

Severity: LOW (2.6)
References:
Published: 2014-04-16
Modified: 2024-11-21

CVE-2014-2432

Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.

Severity: LOW (2.8)
References:
Published: 2014-04-16
Modified: 2024-11-21

CVE-2014-2436

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.

Severity: MEDIUM (6.5)
References:
Published: 2014-04-16
Modified: 2024-11-21

CVE-2014-2438

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.

Severity: LOW (3.5)
References:
Published: 2014-04-16
Modified: 2024-11-21

CVE-2014-2440

Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Severity: MEDIUM (5.1)
References:
Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-2494

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.

Severity: MEDIUM (4.0)
References:
Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-4207

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.

Severity: MEDIUM (4.0)
References:
Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-4243

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.

Severity: LOW (2.8)
References:
Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-4258

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.

Severity: MEDIUM (6.5)
References:
Published: 2014-07-17
Modified: 2024-11-21

CVE-2014-4260

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.

Severity: MEDIUM (5.5)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-4274

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.

Severity: MEDIUM (4.1)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-4287

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.

Severity: MEDIUM (4.0)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-6463

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.

Severity: LOW (3.3)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-6464

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.

Severity: MEDIUM (4.0)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-6469

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.

Severity: MEDIUM (6.8)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-6478

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.

Severity: MEDIUM (4.3)
References:
Published: 2014-10-15
Modified: 2024-11-21

CVE-2014-6484

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.

Severity: MEDIUM (4.0)
References:
Published: 2014-10-16
Modified: 2024-11-21

CVE-2014-6491

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.

Severity: HIGH (7.5)
References:
Published: 2014-10-16
Modified: 2024-11-21

CVE-2014-6494

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.

Severity: MEDIUM (4.3)
References:
Published: 2014-10-16
Modified: 2024-11-21

CVE-2014-6495

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.

Severity: MEDIUM (4.3)
References:
Published: 2014-10-16
Modified: 2024-11-21

CVE-2014-6496

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.

Severity: MEDIUM (4.3)
References:
Published: 2014-10-16
Modified: 2024-11-21

CVE-2014-6500

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.

Severity: HIGH (7.5)
References:
Published: 2014-10-16
Modified: 2024-11-21

CVE-2014-6505

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.

Severity: MEDIUM (4.0)
References:
Published: 2014-10-16
Modified: 2024-11-21

CVE-2014-6507

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.

Severity: MEDIUM (4.3)
References:
Published: 2014-10-16
Modified: 2024-11-21

CVE-2014-6520

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.

Severity: MEDIUM (4.0)
References:
Published: 2014-10-16
Modified: 2024-11-21

CVE-2014-6530

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.

Severity: MEDIUM (6.5)
References:
Published: 2014-10-16
Modified: 2024-11-21

CVE-2014-6551

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.

Severity: LOW (2.1)
References:
Published: 2014-10-16
Modified: 2024-11-21

CVE-2014-6555

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.

Severity: MEDIUM (6.5)
References:
Published: 2014-10-16
Modified: 2024-11-21

CVE-2014-6559

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.

Severity: MEDIUM (4.3)
References:
Published: 2015-01-21
Modified: 2024-11-21

CVE-2014-6568

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.

Severity: LOW (3.5)
References:
Published: 2015-01-21
Modified: 2024-11-21

CVE-2015-0374

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.

Severity: LOW (3.5)
References:
Published: 2015-01-21
Modified: 2024-11-21

CVE-2015-0381

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.

Severity: MEDIUM (4.3)
References:
Published: 2015-01-21
Modified: 2024-11-21

CVE-2015-0382

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.

Severity: MEDIUM (4.3)
References:
Published: 2015-01-21
Modified: 2024-11-21

CVE-2015-0391

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

Severity: MEDIUM (4.0)
References:
Published: 2015-01-21
Modified: 2024-11-21

CVE-2015-0411

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.

Severity: HIGH (7.5)
References:
Published: 2015-01-21
Modified: 2024-11-21

CVE-2015-0432

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.

Severity: MEDIUM (4.0)
References:
Published: 2015-04-16
Modified: 2024-11-21

CVE-2015-0433

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.

Severity: MEDIUM (4.0)
References:
Published: 2015-04-16
Modified: 2024-11-21

CVE-2015-0441

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.

Severity: MEDIUM (4.0)
References:
Published: 2015-04-16
Modified: 2024-11-21

CVE-2015-0499

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.

Severity: LOW (3.5)
References:
Published: 2015-04-16
Modified: 2024-11-21

CVE-2015-0501

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.

Severity: MEDIUM (5.7)
References:
Published: 2015-04-16
Modified: 2024-11-21

CVE-2015-0505

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

Severity: LOW (3.5)
References:
Published: 2015-04-16
Modified: 2024-11-21

CVE-2015-2568

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

Severity: MEDIUM (5.0)
References:
Published: 2015-04-16
Modified: 2024-11-21

CVE-2015-2571

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

Severity: MEDIUM (4.0)
References:
Published: 2015-04-16
Modified: 2024-11-21

CVE-2015-2573

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

Severity: MEDIUM (4.0)
References:
Published: 2015-07-16
Modified: 2024-11-21

CVE-2015-2582

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

Severity: MEDIUM (4.0)
References:
Published: 2015-07-16
Modified: 2024-11-21

CVE-2015-2611

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Severity: MEDIUM (4.0)
References:
Published: 2015-07-16
Modified: 2024-11-21

CVE-2015-2620

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.

Severity: MEDIUM (4.3)
References:
Published: 2015-07-16
Modified: 2024-11-21

CVE-2015-2643

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

Severity: MEDIUM (4.0)
References:
Published: 2015-07-16
Modified: 2024-11-21

CVE-2015-2648

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Severity: MEDIUM (4.0)
References:
Published: 2015-07-16
Modified: 2024-11-21

CVE-2015-4737

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.

Severity: LOW (3.5)
References:
Published: 2015-07-16
Modified: 2024-11-21

CVE-2015-4752

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.

Severity: MEDIUM (4.0)
References:
Published: 2015-07-16
Modified: 2024-11-21

CVE-2015-4757

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

Severity: LOW (3.5)
References:
Published: 2015-10-22
Modified: 2024-11-21

CVE-2015-4792

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.

Severity: LOW (1.7)
References:
Published: 2015-10-22
Modified: 2024-11-21

CVE-2015-4802

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.

Severity: MEDIUM (4.0)
References:
Published: 2015-10-22
Modified: 2024-11-21

CVE-2015-4807

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.

Severity: LOW (3.5)
References:
Published: 2015-10-22
Modified: 2024-11-21

CVE-2015-4815

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.

Severity: MEDIUM (4.0)
References:
Published: 2015-10-22
Modified: 2024-11-21

CVE-2015-4816

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

Severity: MEDIUM (4.0)
References:
Published: 2015-10-22
Modified: 2024-11-21

CVE-2015-4819

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.

Severity: HIGH (7.2)
References:
Published: 2015-10-22
Modified: 2024-11-21

CVE-2015-4826

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.

Severity: MEDIUM (4.0)
References:
Published: 2015-10-22
Modified: 2024-11-21

CVE-2015-4830

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

Severity: MEDIUM (4.0)
References:
Published: 2015-10-22
Modified: 2024-11-21

CVE-2015-4836

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.

Severity: LOW (2.8)
References:
Published: 2015-10-22
Modified: 2024-11-21

CVE-2015-4858

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.

Severity: MEDIUM (4.0)
References:
Published: 2015-10-22
Modified: 2024-11-21

CVE-2015-4861

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

Severity: LOW (3.5)
References:
Published: 2015-10-22
Modified: 2024-11-21

CVE-2015-4864

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

Severity: LOW (3.5)
References:
Published: 2015-10-22
Modified: 2024-11-21

CVE-2015-4870

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.

Severity: MEDIUM (4.0)
References:
Published: 2015-10-22
Modified: 2024-11-21

CVE-2015-4879

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.

Severity: MEDIUM (4.6)
References:
Published: 2015-10-22
Modified: 2024-11-21

CVE-2015-4913

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.

Severity: LOW (3.5)
References:
Published: 2016-01-21
Modified: 2024-11-21

CVE-2016-0502

Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-01-21
Modified: 2024-11-21

CVE-2016-0505

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.

Severity: MEDIUM (6.8)
References:
Published: 2016-01-21
Modified: 2024-11-21

CVE-2016-0546

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.

Severity: HIGH (7.2)
References:
Published: 2016-01-21
Modified: 2024-11-21

CVE-2016-0596

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

Severity: MEDIUM (4.0)
References:
Published: 2016-01-21
Modified: 2024-11-21

CVE-2016-0597

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Severity: MEDIUM (4.0)
References:
Published: 2016-01-21
Modified: 2024-11-21

CVE-2016-0598

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

Severity: LOW (3.5)
References:
Published: 2016-01-21
Modified: 2024-11-21

CVE-2016-0600

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Severity: LOW (3.5)
References:
Published: 2016-01-21
Modified: 2024-11-21

CVE-2016-0606

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.

Severity: LOW (3.5)
References:
Published: 2016-01-21
Modified: 2024-11-21

CVE-2016-0608

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.

Severity: LOW (3.5)
References:
Published: 2016-01-21
Modified: 2024-11-21

CVE-2016-0609

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.

Severity: LOW (1.7)
References:
Published: 2016-01-21
Modified: 2024-11-21

CVE-2016-0616

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Severity: MEDIUM (4.0)
References:
Published: 2016-04-21
Modified: 2024-11-21

CVE-2016-0640

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
References:
Published: 2016-04-21
Modified: 2024-11-21

CVE-2016-0641

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.

Severity: MEDIUM (5.1) Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
References:
Published: 2016-04-21
Modified: 2024-11-21

CVE-2016-0642

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

Severity: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
References:
Published: 2016-04-21
Modified: 2024-11-21

CVE-2016-0643

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.

Severity: LOW (3.3) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2016-04-21
Modified: 2024-11-21

CVE-2016-0644

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-04-21
Modified: 2024-11-21

CVE-2016-0646

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-04-21
Modified: 2024-11-21

CVE-2016-0647

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-04-21
Modified: 2024-11-21

CVE-2016-0648

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-04-21
Modified: 2024-11-21

CVE-2016-0649

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-04-21
Modified: 2024-11-21

CVE-2016-0650

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-04-21
Modified: 2024-11-21

CVE-2016-0651

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-04-21
Modified: 2024-11-21

CVE-2016-0666

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-01-27
Modified: 2024-11-21

CVE-2016-2047

The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
Published: 2016-07-21
Modified: 2024-11-21

CVE-2016-3452

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.

Severity: LOW (3.7) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2016-07-21
Modified: 2024-11-21

CVE-2016-3471

Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
References:
Published: 2016-07-21
Modified: 2024-11-21

CVE-2016-3477

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
References:
Published: 2016-10-25
Modified: 2024-11-21

CVE-2016-3492

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-07-21
Modified: 2024-11-21

CVE-2016-3521

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-07-21
Modified: 2024-11-21

CVE-2016-3615

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-07-21
Modified: 2024-11-21

CVE-2016-5440

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.

Severity: MEDIUM (4.9) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-07-21
Modified: 2024-11-21

CVE-2016-5444

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.

Severity: LOW (3.7) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2016-10-25
Modified: 2024-11-21

CVE-2016-5584

Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.

Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2016-10-25
Modified: 2024-11-21

CVE-2016-5612

Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-10-25
Modified: 2024-11-21

CVE-2016-5624

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-10-25
Modified: 2024-11-21

CVE-2016-5626

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-10-25
Modified: 2024-11-21

CVE-2016-5629

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.

Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-09-20
Modified: 2024-11-21

CVE-2016-6662

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2016-12-14
Modified: 2024-11-21

CVE-2016-6663

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.

Severity: HIGH (7.0) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2016-12-14
Modified: 2024-11-21

CVE-2016-6664

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.

Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2016-12-13
Modified: 2024-11-21

CVE-2016-7440

The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2016-10-25
Modified: 2024-11-21

CVE-2016-8283

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.

Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
References:

ALT-PU-2016-2260-1

Package bind updated to version 9.9.8-alt4.M70C.1 for branch c7 in task 171748.

Closed vulnerabilities

Published: 2016-02-11

BDU:2020-00776

Уязвимость сервера DNS BIND, связанная с ошибками обработки данных, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2013-03-28
Modified: 2024-11-21

CVE-2013-2266

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.

Severity: HIGH (7.8)
References:
Published: 2013-06-06
Modified: 2024-11-21

CVE-2013-3919

resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.

Severity: HIGH (7.8)
References:
Published: 2013-07-29
Modified: 2024-11-21

CVE-2013-4854

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

Severity: HIGH (7.8)
References:
Published: 2013-11-08
Modified: 2024-11-21

CVE-2013-6230

The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging misinterpretation of this netmask as a 0.0.0.0 netmask.

Severity: MEDIUM (6.8)
References:
Published: 2014-12-11
Modified: 2024-11-21

CVE-2014-8500

ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.

Severity: HIGH (7.8)
References:
Published: 2015-02-19
Modified: 2024-11-21

CVE-2015-1349

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.

Severity: MEDIUM (5.4)
References:
Published: 2015-07-08
Modified: 2024-11-21

CVE-2015-4620

name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.

Severity: HIGH (7.8)
References:
Published: 2015-07-29
Modified: 2024-11-21

CVE-2015-5477

named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.

Severity: HIGH (7.8)
References:
Published: 2016-09-28
Modified: 2024-11-21

CVE-2016-2776

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-11-02
Modified: 2024-11-21

CVE-2016-8864

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

Closed bugs

Bug #28034

bind: Необходимо обеспечить совместимость службы с systemd

Bug #30398

[DNS Amplification Attacks] Включить поддержку DNS RRL (доступно, начиная с 9.9.4 и 9.10.x)

Bug #31701

[Feature Request] Собрать bind с опцией --enable-fetchlimit

ALT-PU-2016-2261-1

Package dhcp updated to version 4.3.3-alt1.M70C.1 for branch c7 in task 171748.

Closed vulnerabilities

Published: 2014-01-06

BDU:2015-09739

Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (4.9)
References:
Published: 2013-03-28
Modified: 2024-11-21

CVE-2013-2494

libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266.

Severity: MEDIUM (4.9)
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top