All errata/p8/ALT-PU-2017-1409-1
ALT-PU-2017-1409-1

Package update MySQL in branch p8

Version5.5.54-alt0.M80P.1
Task#181264
Published2017-04-03
Max severityCRITICAL
Severity:

Closed issues (116)

BDU:2015-11050
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю нарушить доступность защищаемой информации

Published: 2015-08-25Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2015-11831
LOW3.5

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2015-11-05Modified: 2021-03-23
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
BDU:2015-11860
MEDIUM4.6

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю получить доступ к системе управления базами данных или выполнить произвольный код

Published: 2015-11-05Modified: 2021-03-23
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:N/AC:H/Au:S/C:P/I:P/A:P
References
BDU:2015-11868
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2015-11-05Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2015-11874
LOW3.5

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю изменять данные

Published: 2015-11-05Modified: 2021-03-23
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N
References
BDU:2015-11877
LOW3.5

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2015-11-05Modified: 2021-03-23
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
BDU:2015-11880
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2015-11-05Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2015-11898
LOW2.8

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2015-11-05Modified: 2021-03-23
CVSS 2.0LOW 2.8
CVSS:2.0/AV:N/AC:M/Au:M/C:N/I:N/A:P
References
BDU:2015-11904
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю изменять данные

Published: 2015-11-05Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N
References
BDU:2015-11905
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю выполнить несанкционированное чтение данных

Published: 2015-11-05Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N
References
BDU:2015-11909
HIGH7.2

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю получить доступ к MySQL Server или выполнить произвольный код

Published: 2015-11-05Modified: 2021-03-23
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2015-11911
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2015-11-05Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2015-11912
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2015-11-05Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2015-11918
LOW3.5

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2015-11-05Modified: 2021-03-23
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
BDU:2015-11922
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2015-11-05Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2015-11930
LOW1.7

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2015-11-05Modified: 2021-03-23
CVSS 2.0LOW 1.7
CVSS:2.0/AV:N/AC:H/Au:M/C:N/I:N/A:P
References
BDU:2015-12154
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю нарушить доступность информации

Published: 2015-12-15Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2016-00166
MEDIUM6.8

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C
References
BDU:2016-00168
HIGH7.2

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю выполнить произвольный код

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2016-00171
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2016-00172
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2016-00173
LOW3.5

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
BDU:2016-00175
LOW3.5

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать частичный отказ в обслуживании

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
BDU:2016-00178
LOW3.5

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю модифицировать данные

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N
References
BDU:2016-00180
LOW3.5

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
BDU:2016-00181
LOW1.7

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0LOW 1.7
CVSS:2.0/AV:N/AC:H/Au:M/C:N/I:N/A:P
References
BDU:2016-00184
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2016-01-26Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2016-01098
LOW3.5

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Published: 2016-05-10Modified: 2021-03-23
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
BDU:2016-01110
LOW3.5

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Published: 2016-05-10Modified: 2021-03-23
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
BDU:2016-01111
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Published: 2016-05-10Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2016-01112
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Published: 2016-05-10Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2016-01113
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Published: 2016-05-10Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2016-01114
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Published: 2016-05-10Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2016-01115
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Published: 2016-05-10Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2016-01116
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на доступность информации

Published: 2016-05-10Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2016-01117
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на конфиденциальность информации

Published: 2016-05-05Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N
References
BDU:2016-01118
MEDIUM4.3

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на целостность и доступность информации

Published: 2016-05-05Modified: 2021-03-23
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:M/C:N/I:P/A:P
References
BDU:2016-01119
MEDIUM4.9

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на конфиденциальность информации

Published: 2016-05-05Modified: 2021-03-23
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:P
References
BDU:2016-01120
MEDIUM4.9

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю повлиять на целостность и доступность информации

Published: 2016-05-05Modified: 2021-03-23
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:P
References
BDU:2017-00232
MEDIUM4.0

Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2017-02-09Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2017-00239
MEDIUM4.0

Уязвимость компонента Server: DML системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2017-02-09Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2017-00240
LOW3.5

Уязвимость компонента Server: Charsets системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2017-02-09Modified: 2021-03-23
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
BDU:2017-00243
MEDIUM4.0

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2017-02-09Modified: 2021-03-23
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2015-2582
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

Published: 2015-07-16Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2015-2611
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Published: 2015-07-16Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2015-2620
MEDIUM4.3

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.

Published: 2015-07-16Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
References
CVE-2015-2643
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

Published: 2015-07-16Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2015-2648
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Published: 2015-07-16Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2015-4737
LOW3.5

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.

Published: 2015-07-16Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:N
References
CVE-2015-4752
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.

Published: 2015-07-16Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2015-4792
LOW1.7

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.

Published: 2015-10-21Modified: 2025-04-12
CVSS 2.0LOW 1.7
CVSS:2.0/AV:N/AC:H/Au:M/C:N/I:N/A:P
References
CVE-2015-4802
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.

Published: 2015-10-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2015-4807
LOW3.5

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.

Published: 2015-10-21Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
CVE-2015-4815
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.

Published: 2015-10-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2015-4816
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

Published: 2015-10-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2015-4819
HIGH7.2

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.

Published: 2015-10-21Modified: 2025-04-12
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2015-4826
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.

Published: 2015-10-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N
References
CVE-2015-4830
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

Published: 2015-10-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N
References
CVE-2015-4836
LOW2.8

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.

Published: 2015-10-21Modified: 2025-04-12
CVSS 2.0LOW 2.8
CVSS:2.0/AV:N/AC:M/Au:M/C:N/I:N/A:P
References
CVE-2015-4858
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.

Published: 2015-10-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2015-4861
LOW3.5

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

Published: 2015-10-21Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
CVE-2015-4864
LOW3.5

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

Published: 2015-10-21Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N
References
CVE-2015-4870
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.

Published: 2015-10-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2015-4879
MEDIUM4.6

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.

Published: 2015-10-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:N/AC:H/Au:S/C:P/I:P/A:P
References
CVE-2015-4913
LOW3.5

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.

Published: 2015-10-22Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
CVE-2016-0505
MEDIUM6.8

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C
References
CVE-2016-0546
HIGH7.2

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2016-0596
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2016-0597
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2016-0598
LOW3.5

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
CVE-2016-0600
LOW3.5

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
CVE-2016-0606
LOW3.5

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N
References
CVE-2016-0608
LOW3.5

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
References
CVE-2016-0609
LOW1.7

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0LOW 1.7
CVSS:2.0/AV:N/AC:H/Au:M/C:N/I:N/A:P
References
CVE-2016-0616
MEDIUM4.0

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Published: 2016-01-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2016-0640
MEDIUM6.1

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.

Published: 2016-04-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:P
CVSS 3.xMEDIUM 6.1
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
References
CVE-2016-0641
MEDIUM5.1

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.

Published: 2016-04-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:P
CVSS 3.xMEDIUM 5.1
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
References
CVE-2016-0642
MEDIUM4.7

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

Published: 2016-04-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:M/C:N/I:P/A:P
CVSS 3.xMEDIUM 4.7
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
References
CVE-2016-0643
LOW3.3

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.

Published: 2016-04-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS 3.xLOW 3.3
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References
CVE-2016-0644
MEDIUM5.5

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.

Published: 2016-04-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-0646
MEDIUM5.5

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.

Published: 2016-04-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-0647
MEDIUM5.5

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.

Published: 2016-04-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-0648
MEDIUM5.5

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.

Published: 2016-04-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-0649
MEDIUM5.5

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.

Published: 2016-04-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-0650
MEDIUM5.5

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.

Published: 2016-04-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-0651
MEDIUM5.5

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.

Published: 2016-04-21Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-0666
MEDIUM5.5

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.

Published: 2016-04-21Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-2047
MEDIUM5.9

The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."

Published: 2016-01-27Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
References
CVE-2016-3452
LOW3.7

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.

Published: 2016-07-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS 3.xLOW 3.7
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
References
CVE-2016-3471
HIGH7.5

Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.

Published: 2016-07-21Modified: 2025-04-12
CVSS 2.0MEDIUM 6.2
CVSS:2.0/AV:L/AC:H/Au:N/C:C/I:C/A:C
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
References
CVE-2016-3477
HIGH8.1

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.

Published: 2016-07-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.1
CVSS:2.0/AV:L/AC:M/Au:S/C:P/I:P/A:P
CVSS 3.xHIGH 8.1
CVSS:3.x/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
References
CVE-2016-3492
MEDIUM6.5

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

Published: 2016-10-25Modified: 2025-04-12
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-3521
MEDIUM6.5

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.

Published: 2016-07-21Modified: 2025-04-12
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-3615
MEDIUM5.3

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.

Published: 2016-07-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.3
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-5440
MEDIUM4.9

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.

Published: 2016-07-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-5444
LOW3.7

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.

Published: 2016-07-21Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS 3.xLOW 3.7
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
References
CVE-2016-5584
MEDIUM4.4

Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.

Published: 2016-10-25Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:N
CVSS 3.xMEDIUM 4.4
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
References
CVE-2016-5612
MEDIUM6.5

Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Published: 2016-10-25Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-5624
MEDIUM6.5

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Published: 2016-10-25Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-5626
MEDIUM6.5

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

Published: 2016-10-25Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-5629
MEDIUM4.9

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.

Published: 2016-10-25Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References
CVE-2016-6662
CRITICAL9.8

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Published: 2016-09-20Modified: 2025-04-12
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2016-6663
HIGH7.0

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.

Published: 2016-12-13Modified: 2025-04-12
CVSS 2.0MEDIUM 4.4
CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSS 3.xHIGH 7.0
CVSS:3.x/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References
CVE-2016-6664
HIGH7.0

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.

Published: 2016-12-13Modified: 2025-04-12
CVSS 2.0MEDIUM 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS 3.xHIGH 7.0
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References
CVE-2016-7440
MEDIUM5.5

The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

Published: 2016-12-13Modified: 2025-04-12
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References
CVE-2016-8283
MEDIUM4.3

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.

Published: 2016-10-25Modified: 2025-04-12
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
References
CVE-2017-3238
MEDIUM6.5

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

Published: 2017-01-27Modified: 2025-04-20
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2017-3243
MEDIUM4.4

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).

Published: 2017-01-27Modified: 2025-04-20
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 4.4
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
References
CVE-2017-3244
MEDIUM6.5

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

Published: 2017-01-27Modified: 2025-04-20
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2017-3258
MEDIUM6.5

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

Published: 2017-01-27Modified: 2025-04-20
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2017-3265
MEDIUM5.6

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).

Published: 2017-01-27Modified: 2025-04-20
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:P
CVSS 3.xMEDIUM 5.6
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H
References
CVE-2017-3291
MEDIUM6.3

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).

Published: 2017-01-27Modified: 2025-04-20
CVSS 2.0LOW 3.5
CVSS:2.0/AV:L/AC:H/Au:S/C:P/I:P/A:P
CVSS 3.xMEDIUM 6.3
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
References
CVE-2017-3312
MEDIUM6.7

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).

Published: 2017-01-27Modified: 2025-04-20
CVSS 2.0LOW 3.5
CVSS:2.0/AV:L/AC:H/Au:S/C:P/I:P/A:P
CVSS 3.xMEDIUM 6.7
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
References
CVE-2017-3313
MEDIUM4.7

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).

Published: 2017-01-27Modified: 2025-04-20
CVSS 2.0LOW 1.5
CVSS:2.0/AV:L/AC:M/Au:S/C:P/I:N/A:N
CVSS 3.xMEDIUM 4.7
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
References
CVE-2017-3317
MEDIUM4.0

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).

Published: 2017-01-27Modified: 2025-04-20
CVSS 2.0LOW 1.5
CVSS:2.0/AV:L/AC:M/Au:S/C:N/I:N/A:P
CVSS 3.xMEDIUM 4.0
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
References
CVE-2017-3318
MEDIUM4.0

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).

Published: 2017-01-27Modified: 2025-04-20
CVSS 2.0LOW 1.0
CVSS:2.0/AV:L/AC:H/Au:S/C:P/I:N/A:N
CVSS 3.xMEDIUM 4.0
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
References

Closed bugs (1)

Bug #32758

не запускается после обновления