ALT-PU-2016-2285-1

BDU:2017-01148

MEDIUM6.0

Уязвимость системы управления базами данных MySQL, позволяющая злоумышленнику нарушить конфиденциальность информации

Опубликовано: 2017-05-15Изменено: 2021-03-23

CVSS 2.0СРЕДНЯЯ 6.0

CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:P/A:P

Ссылки

CVE-2016-3477

HIGH8.1

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.

Опубликовано: 2016-07-21Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 4.1

CVSS:2.0/AV:L/AC:M/Au:S/C:P/I:P/A:P

CVSS 3.xВЫСОКАЯ 8.1

CVSS:3.x/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Ссылки

CVE-2016-3492

MEDIUM6.5

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

Опубликовано: 2016-10-25Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2016-3521

MEDIUM6.5

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.

Опубликовано: 2016-07-21Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2016-3615

MEDIUM5.3

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.

Опубликовано: 2016-07-21Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 5.3

CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2016-5440

MEDIUM4.9

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.

Опубликовано: 2016-07-21Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2016-5584

MEDIUM4.4

Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.

Опубликовано: 2016-10-25Изменено: 2025-04-12

CVSS 2.0НИЗКАЯ 3.5

CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS 3.xСРЕДНЯЯ 4.4

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Ссылки

CVE-2016-5616

NONE

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

Опубликовано: 2016-10-25Изменено: 2023-11-07

CVE-2016-5624

MEDIUM6.5

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Опубликовано: 2016-10-25Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2016-5626

MEDIUM6.5

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

Опубликовано: 2016-10-25Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2016-5629

MEDIUM4.9

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.

Опубликовано: 2016-10-25Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2016-6662

CRITICAL9.8

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Опубликовано: 2016-09-20Изменено: 2025-04-12

CVSS 2.0КРИТИЧЕСКАЯ 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS 3.xКРИТИЧЕСКАЯ 9.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ссылки

CVE-2016-6663

HIGH7.0

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.

Опубликовано: 2016-12-13Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 4.4

CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xВЫСОКАЯ 7.0

CVSS:3.x/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Ссылки

CVE-2016-7440

MEDIUM5.5

The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

Опубликовано: 2016-12-13Изменено: 2025-04-12

CVSS 2.0НИЗКАЯ 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Ссылки

CVE-2016-8283

MEDIUM4.3

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.

Опубликовано: 2016-10-25Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.3

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Ссылки

CVE-2017-3600

MEDIUM6.6

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

Опубликовано: 2017-04-24Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 6.0

CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS 3.xСРЕДНЯЯ 6.6

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Ссылки

CVE-2017-3651

MEDIUM4.3

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Опубликовано: 2017-08-08Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS 3.xСРЕДНЯЯ 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Ссылки

Обновление пакета mariadb в ветке p8

Закрытые проблемы (17)

Уязвимость системы управления базами данных MySQL, позволяющая злоумышленнику нарушить конфиденциальность информации

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.

Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.

The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.

Закрытые ошибки (3)

Неправильное имя пакета библиотеки

Ошибки при обновлении с p7 до Sisyphus

Не ротейтятся корректно логи