4.0.20;4;0;20;CVE-2004-0457;Candidate;"The mysqlhotcopy script in mysql 4.0.20 and earlier; when using the scp method from the mysql-server package; allows local users to overwrite arbitrary files via a symlink attack on temporary files.";"CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | CONFIRM:http://packages.debian.org/changelogs/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-11/changelog | DEBIAN:DSA-540 | URL:http://www.debian.org/security/2004/dsa-540 | OVAL:oval:org.mitre.oval:def:10693 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10693 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | XF:mysql-mysqlhotcopy-insecure-file(17030) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17030";Assigned (20040506);"None (candidate not yet proposed)";"" 4.0.20;4;0;20;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"BID:10981 | URL:http://www.securityfocus.com/bid/10981 | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | XF:mysql-realconnect-bo(17047) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17047";Assigned (20040908);"None (candidate not yet proposed)";"" 3.23.48;3;23;48;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"BID:10981 | URL:http://www.securityfocus.com/bid/10981 | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | XF:mysql-realconnect-bo(17047) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17047";Assigned (20040908);"None (candidate not yet proposed)";"" 4.1.9;4;1;9;CVE-2005-0799;Candidate;"MySQL 4.1.9; and possibly earlier versions; allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.";"BUGTRAQ:20050315 Denial of Service Vulnerability in MySQL Server for Windows | URL:http://marc.info/?l=bugtraq&m=111091250923281&w=2 | CONFIRM:http://bugs.mysql.com/bug.php?id=9148 | SECUNIA:14564 | URL:http://secunia.com/advisories/14564";Assigned (20050320);"None (candidate not yet proposed)";"" 4.1.20;4;1;20;CVE-2006-3469;Candidate;"Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function; which is later used in a formatted print call to display the error message.";"APPLE:APPLE-SA-2007-03-13 | URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | BID:19032 | URL:http://www.securityfocus.com/bid/19032 | CERT:TA07-072A | URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html | CONFIRM:http://docs.info.apple.com/article.html?artnum=305214 | DEBIAN:DSA-1112 | URL:http://www.debian.org/security/2006/dsa-1112 | GENTOO:GLSA-200608-09 | URL:http://security.gentoo.org/glsa/glsa-200608-09.xml | MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694 | MISC:http://bugs.mysql.com/bug.php?id=20729 | OVAL:oval:org.mitre.oval:def:9827 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9827 | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | SECUNIA:21147 | URL:http://secunia.com/advisories/21147 | SECUNIA:21366 | URL:http://secunia.com/advisories/21366 | SECUNIA:24479 | URL:http://secunia.com/advisories/24479 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | UBUNTU:USN-321-1 | URL:http://www.ubuntu.com/usn/usn-321-1 | VUPEN:ADV-2007-0930 | URL:http://www.vupen.com/english/advisories/2007/0930";Assigned (20060710);"None (candidate not yet proposed)";"" 4.1.22;4;1;22;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/473874/100/0/threaded | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | MISC:http://bugs.mysql.com/bug.php?id=27515 | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:https://usn.ubuntu.com/528-1/ | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | XF:mysql-renametable-weak-security(34347) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347";Assigned (20070515);"None (candidate not yet proposed)";"" 5.0.41;5;0;41;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/473874/100/0/threaded | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | MISC:http://bugs.mysql.com/bug.php?id=27515 | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:https://usn.ubuntu.com/528-1/ | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | XF:mysql-renametable-weak-security(34347) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347";Assigned (20070515);"None (candidate not yet proposed)";"" 5.1.17;5;1;17;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/473874/100/0/threaded | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | MISC:http://bugs.mysql.com/bug.php?id=27515 | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:https://usn.ubuntu.com/528-1/ | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | XF:mysql-renametable-weak-security(34347) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347";Assigned (20070515);"None (candidate not yet proposed)";"" 5.0.44;5;0;44;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/473874/100/0/threaded | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | MISC:http://bugs.mysql.com/bug.php?id=27515 | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:https://usn.ubuntu.com/528-1/ | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | XF:mysql-renametable-weak-security(34347) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347";Assigned (20070515);"None (candidate not yet proposed)";"" 5.0.39;5;0;39;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BID:24011 | URL:http://www.securityfocus.com/bid/24011 | BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/473874/100/0/threaded | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | MISC:http://bugs.mysql.com/bug.php?id=27337 | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | XF:mysql-changedb-privilege-escalation(34348) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34348";Assigned (20070515);"None (candidate not yet proposed)";"" 5.1.17;5;1;17;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BID:24011 | URL:http://www.securityfocus.com/bid/24011 | BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/473874/100/0/threaded | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | MISC:http://bugs.mysql.com/bug.php?id=27337 | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | XF:mysql-changedb-privilege-escalation(34348) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34348";Assigned (20070515);"None (candidate not yet proposed)";"" 5.0.44;5;0;44;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BID:24011 | URL:http://www.securityfocus.com/bid/24011 | BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/473874/100/0/threaded | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | MISC:http://bugs.mysql.com/bug.php?id=27337 | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | XF:mysql-changedb-privilege-escalation(34348) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34348";Assigned (20070515);"None (candidate not yet proposed)";"" 5.0.44;5;0;44;CVE-2007-3780;Candidate;"MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.";"BID:25017 | URL:http://www.securityfocus.com/bid/25017 | BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/473874/100/0/threaded | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | MISC:http://bugs.mysql.com/bug.php?id=28984 | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | OSVDB:36732 | URL:http://osvdb.org/36732 | OVAL:oval:org.mitre.oval:def:11058 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11058 | REDHAT:RHSA-2007:0875 | URL:http://www.redhat.com/support/errata/RHSA-2007-0875.html | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | SECTRACK:1018629 | URL:http://www.securitytracker.com/id?1018629 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:26621 | URL:http://secunia.com/advisories/26621 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:https://usn.ubuntu.com/528-1/ | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references";Assigned (20070715);"None (candidate not yet proposed)";"" 5.0.44;5;0;44;CVE-2007-3781;Candidate;"MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement; which allows remote authenticated users to obtain sensitive information such as the table structure.";"BID:25017 | URL:http://www.securityfocus.com/bid/25017 | BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/473874/100/0/threaded | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | MISC:http://bugs.mysql.com/bug.php?id=25578 | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | OSVDB:37783 | URL:http://osvdb.org/37783 | OVAL:oval:org.mitre.oval:def:9195 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | UBUNTU:USN-559-1 | URL:https://usn.ubuntu.com/559-1/";Assigned (20070715);"None (candidate not yet proposed)";"" 5.0.44;5;0;44;CVE-2007-3782;Candidate;"MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.";"BID:25017 | URL:http://www.securityfocus.com/bid/25017 | BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/473874/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=27878 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | OVAL:oval:org.mitre.oval:def:10563 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10563 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SECTRACK:1018663 | URL:http://securitytracker.com/id?1018663 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:https://usn.ubuntu.com/528-1/";Assigned (20070715);"None (candidate not yet proposed)";"" 5.0.50;5;0;50;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/486477/100/0/threaded | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:http://support.apple.com/kb/HT3216 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | OVAL:oval:org.mitre.oval:def:10509 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:https://usn.ubuntu.com/559-1/ | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780";Assigned (20071114);"None (candidate not yet proposed)";"" 5.0.51;5;0;51;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/486477/100/0/threaded | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:http://support.apple.com/kb/HT3216 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | OVAL:oval:org.mitre.oval:def:10509 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:https://usn.ubuntu.com/559-1/ | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780";Assigned (20071114);"None (candidate not yet proposed)";"" 5.1.22;5;1;22;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/486477/100/0/threaded | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:http://support.apple.com/kb/HT3216 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | OVAL:oval:org.mitre.oval:def:10509 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:https://usn.ubuntu.com/559-1/ | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780";Assigned (20071114);"None (candidate not yet proposed)";"" 6.0.3;6;0;3;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/486477/100/0/threaded | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:http://support.apple.com/kb/HT3216 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | OVAL:oval:org.mitre.oval:def:10509 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:https://usn.ubuntu.com/559-1/ | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780";Assigned (20071114);"None (candidate not yet proposed)";"" 5.0.50;5;0;50;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BID:26832 | URL:http://www.securityfocus.com/bid/26832 | BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | XF:mysql-definer-value-privilege-escalation(38989) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38989";Assigned (20071210);"None (candidate not yet proposed)";"" 5.1.22;5;1;22;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BID:26832 | URL:http://www.securityfocus.com/bid/26832 | BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | XF:mysql-definer-value-privilege-escalation(38989) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38989";Assigned (20071210);"None (candidate not yet proposed)";"" 6.0.3;6;0;3;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BID:26832 | URL:http://www.securityfocus.com/bid/26832 | BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | XF:mysql-definer-value-privilege-escalation(38989) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38989";Assigned (20071210);"None (candidate not yet proposed)";"" 5.0.50;5;0;50;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BID:26832 | URL:http://www.securityfocus.com/bid/26832 | BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | OSVDB:42609 | URL:http://osvdb.org/42609 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:https://usn.ubuntu.com/559-1/ | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | XF:mysql-federated-engine-dos(38990) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38990";Assigned (20071210);"None (candidate not yet proposed)";"" 5.1.22;5;1;22;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BID:26832 | URL:http://www.securityfocus.com/bid/26832 | BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | OSVDB:42609 | URL:http://osvdb.org/42609 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:https://usn.ubuntu.com/559-1/ | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | XF:mysql-federated-engine-dos(38990) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38990";Assigned (20071210);"None (candidate not yet proposed)";"" 6.0.3;6;0;3;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BID:26832 | URL:http://www.securityfocus.com/bid/26832 | BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | OSVDB:42609 | URL:http://osvdb.org/42609 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:https://usn.ubuntu.com/559-1/ | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | XF:mysql-federated-engine-dos(38990) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38990";Assigned (20071210);"None (candidate not yet proposed)";"" 5.1.22;5;1;22;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | OSVDB:43179 | URL:http://osvdb.org/43179 | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references";Assigned (20071211);"None (candidate not yet proposed)";"" 6.0.3;6;0;3;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | OSVDB:43179 | URL:http://osvdb.org/43179 | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references";Assigned (20071211);"None (candidate not yet proposed)";"" 5.0.65;5;0;65;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | OVAL:oval:org.mitre.oval:def:10521 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | XF:mysql-bitstring-dos(45042) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45042";Assigned (20080909);"None (candidate not yet proposed)";"" 5.1.25;5;1;25;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | OVAL:oval:org.mitre.oval:def:10521 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | XF:mysql-bitstring-dos(45042) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45042";Assigned (20080909);"None (candidate not yet proposed)";"" 6.0.5;6;0;5;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | OVAL:oval:org.mitre.oval:def:10521 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | XF:mysql-bitstring-dos(45042) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45042";Assigned (20080909);"None (candidate not yet proposed)";"" 5.0.87;5;0;87;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MISC:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107 | MISC:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | MISC:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | MISC:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MISC:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MISC:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MISC:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | MISC:http://bugs.mysql.com/47320 | URL:http://bugs.mysql.com/47320 | MISC:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | URL:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | MISC:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | URL:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | MISC:oval:org.mitre.oval:def:10940 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940 | MISC:oval:org.mitre.oval:def:8510 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510";Assigned (20091120);"None (candidate not yet proposed)";"" 5.1.40;5;1;40;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MISC:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107 | MISC:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | MISC:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | MISC:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MISC:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MISC:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MISC:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | MISC:http://bugs.mysql.com/47320 | URL:http://bugs.mysql.com/47320 | MISC:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | URL:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | MISC:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | URL:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | MISC:oval:org.mitre.oval:def:10940 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940 | MISC:oval:org.mitre.oval:def:8510 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510";Assigned (20091120);"None (candidate not yet proposed)";"" 1.9.8;1;9;8;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_demo.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://intevydis.com/vd-list.shtml | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)";"" 5.0.89;5;0;89;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_demo.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://intevydis.com/vd-list.shtml | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)";"" 5.1.42;5;1;42;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_demo.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://intevydis.com/vd-list.shtml | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)";"" 5.5.-1;5;5;-1;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_demo.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://intevydis.com/vd-list.shtml | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)";"" 5.0.50;5;0;50;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_demo.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://intevydis.com/vd-list.shtml | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)";"" 37.1.0;37;1;0;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_demo.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://intevydis.com/vd-list.shtml | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)";"" 5.0.92;5;0;92;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html";Assigned (20101209);"None (candidate not yet proposed)";"" 5.1.49;5;1;49;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html";Assigned (20101209);"None (candidate not yet proposed)";"" 5.1.47;5;1;47;CVE-2010-2008;Candidate;"MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot); .. (dot dot); ../ (dot dot slash) or similar sequence; and an UPGRADE DATA DIRECTORY NAME command; which causes MySQL to move certain directories to the server data directory.";"BID:41198 | URL:http://www.securityfocus.com/bid/41198 | CONFIRM:http://bugs.mysql.com/bug.php?id=53804 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html | FEDORA:FEDORA-2010-11135 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html | MANDRIVA:MDVSA-2010:155 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 | OVAL:oval:org.mitre.oval:def:11869 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11869 | SECTRACK:1024160 | URL:http://www.securitytracker.com/id?1024160 | SECUNIA:40333 | URL:http://secunia.com/advisories/40333 | SECUNIA:40762 | URL:http://secunia.com/advisories/40762 | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2010-1918 | URL:http://www.vupen.com/english/advisories/2010/1918";Assigned (20100521);"None (candidate not yet proposed)";"" 5.0.91;5;0;91;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | MISC:http://bugs.mysql.com/bug.php?id=55826 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64845";Assigned (20101007);"None (candidate not yet proposed)";"" 5.1.50;5;1;50;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | MISC:http://bugs.mysql.com/bug.php?id=55826 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64845";Assigned (20101007);"None (candidate not yet proposed)";"" 5.5.5;5;5;5;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | MISC:http://bugs.mysql.com/bug.php?id=55826 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64845";Assigned (20101007);"None (candidate not yet proposed)";"" 5.0.91;5;0;91;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | MISC:http://bugs.mysql.com/bug.php?id=55568 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64844";Assigned (20101007);"None (candidate not yet proposed)";"" 5.1.50;5;1;50;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | MISC:http://bugs.mysql.com/bug.php?id=55568 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64844";Assigned (20101007);"None (candidate not yet proposed)";"" 5.5.5;5;5;5;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | MISC:http://bugs.mysql.com/bug.php?id=55568 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64844";Assigned (20101007);"None (candidate not yet proposed)";"" 5.1.50;5;1;50;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | MISC:http://bugs.mysql.com/bug.php?id=55564 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64843";Assigned (20101007);"None (candidate not yet proposed)";"" 5.5.5;5;5;5;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | MISC:http://bugs.mysql.com/bug.php?id=55564 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64843";Assigned (20101007);"None (candidate not yet proposed)";"" 5.0.91;5;0;91;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64842";Assigned (20101007);"None (candidate not yet proposed)";"" 5.1.50;5;1;50;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64842";Assigned (20101007);"None (candidate not yet proposed)";"" 5.5.5;5;5;5;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64842";Assigned (20101007);"None (candidate not yet proposed)";"" 5.0.91;5;0;91;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64841";Assigned (20101007);"None (candidate not yet proposed)";"" 5.1.50;5;1;50;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64841";Assigned (20101007);"None (candidate not yet proposed)";"" 5.5.5;5;5;5;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64841";Assigned (20101007);"None (candidate not yet proposed)";"" 5.0.91;5;0;91;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | MISC:http://bugs.mysql.com/bug.php?id=54461 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64840";Assigned (20101007);"None (candidate not yet proposed)";"" 5.1.50;5;1;50;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | MISC:http://bugs.mysql.com/bug.php?id=54461 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64840";Assigned (20101007);"None (candidate not yet proposed)";"" 5.5.5;5;5;5;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:http://support.apple.com/kb/HT4723 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | MISC:http://bugs.mysql.com/bug.php?id=54461 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64840";Assigned (20101007);"None (candidate not yet proposed)";"" 5.1.50;5;1;50;CVE-2010-3840;Candidate;"The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.";"BID:43676 | URL:http://www.securityfocus.com/bid/43676 | CONFIRM:http://bugs.mysql.com/bug.php?id=51875 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640865 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | MISC:http://lists.mysql.com/commits/117094 | REDHAT:RHSA-2010:0824 | URL:http://www.redhat.com/support/errata/RHSA-2010-0824.html | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-gislinestringinitfromwkb-dos(64838) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64838";Assigned (20101007);"None (candidate not yet proposed)";"" 0.9.3;0;9;3;CVE-2011-0432;Candidate;"Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.";"BID:46655 | URL:http://www.securityfocus.com/bid/46655 | CONFIRM:http://code.google.com/p/pywebdav/updates/list | CONFIRM:http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=677718 | DEBIAN:DSA-2177 | URL:http://www.debian.org/security/2011/dsa-2177 | FEDORA:FEDORA-2011-2427 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html | FEDORA:FEDORA-2011-2460 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html | FEDORA:FEDORA-2011-2470 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html | SECUNIA:43571 | URL:http://secunia.com/advisories/43571 | SECUNIA:43602 | URL:http://secunia.com/advisories/43602 | SECUNIA:43703 | URL:http://secunia.com/advisories/43703 | VUPEN:ADV-2011-0553 | URL:http://www.vupen.com/english/advisories/2011/0553 | VUPEN:ADV-2011-0554 | URL:http://www.vupen.com/english/advisories/2011/0554 | VUPEN:ADV-2011-0634 | URL:http://www.vupen.com/english/advisories/2011/0634";Assigned (20110112);"None (candidate not yet proposed)";"" 5.1.62;5;1;62;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"BID:54551 | URL:http://www.securityfocus.com/bid/54551 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OSVDB:83976 | URL:http://osvdb.org/83976 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77061";Assigned (20120111);"None (candidate not yet proposed)";"" 5.5.23;5;5;23;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"BID:54551 | URL:http://www.securityfocus.com/bid/54551 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OSVDB:83976 | URL:http://osvdb.org/83976 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77061";Assigned (20120111);"None (candidate not yet proposed)";"" 5.1.66;5;1;66;CVE-2012-0572;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:16792 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16792 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20120111);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2012-0572;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:16792 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16792 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20120111);"None (candidate not yet proposed)";"" 5.1.66;5;1;66;CVE-2012-0574;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | HP:HPSBUX02824 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | HP:SSRT100970 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:17266 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17266 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20120111);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2012-0574;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | HP:HPSBUX02824 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | HP:SSRT100970 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:17266 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17266 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20120111);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2012-0578;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:16947 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16947 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20120111);"None (candidate not yet proposed)";"" 5.1.60;5;1;60;CVE-2012-0583;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier; and 5.5.19 and earlier; allows remote authenticated users to affect availability; related to MyISAM.";"BID:53061 | URL:http://www.securityfocus.com/bid/53061 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)";"" 5.5.19;5;5;19;CVE-2012-0583;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier; and 5.5.19 and earlier; allows remote authenticated users to affect availability; related to MyISAM.";"BID:53061 | URL:http://www.securityfocus.com/bid/53061 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)";"" 5.1.61;5;1;61;CVE-2012-1688;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability; related to Server DML.";"BID:53067 | URL:http://www.securityfocus.com/bid/53067 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)";"" 5.5.21;5;5;21;CVE-2012-1688;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability; related to Server DML.";"BID:53067 | URL:http://www.securityfocus.com/bid/53067 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)";"" 5.1.62;5;1;62;CVE-2012-1689;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"BID:54547 | URL:http://www.securityfocus.com/bid/54547 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OSVDB:83980 | URL:http://osvdb.org/83980 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-optimizer-dos(77065) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77065";Assigned (20120316);"None (candidate not yet proposed)";"" 5.5.22;5;5;22;CVE-2012-1689;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"BID:54547 | URL:http://www.securityfocus.com/bid/54547 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OSVDB:83980 | URL:http://osvdb.org/83980 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-optimizer-dos(77065) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77065";Assigned (20120316);"None (candidate not yet proposed)";"" 5.1.61;5;1;61;CVE-2012-1690;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1703.";"BID:53074 | URL:http://www.securityfocus.com/bid/53074 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)";"" 5.5.21;5;5;21;CVE-2012-1690;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1703.";"BID:53074 | URL:http://www.securityfocus.com/bid/53074 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)";"" 5.5.19;5;5;19;CVE-2012-1696;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"BID:53071 | URL:http://www.securityfocus.com/bid/53071 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)";"" 5.5.21;5;5;21;CVE-2012-1697;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"BID:53064 | URL:http://www.securityfocus.com/bid/53064 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)";"" 5.1.66;5;1;66;CVE-2012-1702;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:17186 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17186 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20120316);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2012-1702;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:17186 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17186 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20120316);"None (candidate not yet proposed)";"" 5.1.61;5;1;61;CVE-2012-1703;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1690.";"BID:53058 | URL:http://www.securityfocus.com/bid/53058 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)";"" 5.5.21;5;5;21;CVE-2012-1703;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1690.";"BID:53058 | URL:http://www.securityfocus.com/bid/53058 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)";"" 5.1.66;5;1;66;CVE-2012-1705;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:17268 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17268 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20120316);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2012-1705;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:17268 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17268 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20120316);"None (candidate not yet proposed)";"" 5.1.62;5;1;62;CVE-2012-1734;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"BID:54540 | URL:http://www.securityfocus.com/bid/54540 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OSVDB:83979 | URL:http://osvdb.org/83979 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-servopt-dos(77064) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77064";Assigned (20120316);"None (candidate not yet proposed)";"" 5.5.23;5;5;23;CVE-2012-1734;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"BID:54540 | URL:http://www.securityfocus.com/bid/54540 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OSVDB:83979 | URL:http://osvdb.org/83979 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-servopt-dos(77064) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77064";Assigned (20120316);"None (candidate not yet proposed)";"" 5.5.23;5;5;23;CVE-2012-1735;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"BID:54549 | URL:http://www.securityfocus.com/bid/54549 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OSVDB:83975 | URL:http://osvdb.org/83975 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-serveroptimizer-dos(77060) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77060";Assigned (20120316);"None (candidate not yet proposed)";"" 5.5.23;5;5;23;CVE-2012-1756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"BID:54524 | URL:http://www.securityfocus.com/bid/54524 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OSVDB:83978 | URL:http://osvdb.org/83978 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-server1-dos(77063) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77063";Assigned (20120316);"None (candidate not yet proposed)";"" 5.5.23;5;5;23;CVE-2012-1757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"BID:54526 | URL:http://www.securityfocus.com/bid/54526 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OSVDB:83977 | URL:http://osvdb.org/83977 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-innodb1-dos(77062) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77062";Assigned (20120316);"None (candidate not yet proposed)";"" 5.1.61;5;1;61;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"BID:52931 | URL:http://www.securityfocus.com/bid/52931 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)";"" 5.5.21;5;5;21;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"BID:52931 | URL:http://www.securityfocus.com/bid/52931 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)";"" 97.15.14;97;15;14;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"BID:52931 | URL:http://www.securityfocus.com/bid/52931 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)";"" 5.5.26;5;5;26;CVE-2012-3144;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-server-cve20123144-dos(79387) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79387";Assigned (20120606);"None (candidate not yet proposed)";"" 5.5.26;5;5;26;CVE-2012-3147;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-client-cve20123147(79384) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79384";Assigned (20120606);"None (candidate not yet proposed)";"" 5.5.26;5;5;26;CVE-2012-3149;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-client-info-disc(79390) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79390";Assigned (20120606);"None (candidate not yet proposed)";"" 5.1.64;5;1;64;CVE-2012-3150;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-opt-dos(79388) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79388";Assigned (20120606);"None (candidate not yet proposed)";"" 5.5.26;5;5;26;CVE-2012-3150;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-opt-dos(79388) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79388";Assigned (20120606);"None (candidate not yet proposed)";"" 5.5.25;5;5;25;CVE-2012-3156;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1";Assigned (20120606);"None (candidate not yet proposed)";"" 5.1.64;5;1;64;CVE-2012-3158;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Protocol.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-protocol-cve20123158(79382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79382";Assigned (20120606);"None (candidate not yet proposed)";"" 5.5.26;5;5;26;CVE-2012-3158;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Protocol.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-protocol-cve20123158(79382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79382";Assigned (20120606);"None (candidate not yet proposed)";"" 5.1.65;5;1;65;CVE-2012-3160;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows local users to affect confidentiality via unknown vectors related to Server Installation.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-serverinstallation-info-disc(79394) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79394";Assigned (20120606);"None (candidate not yet proposed)";"" 5.5.27;5;5;27;CVE-2012-3160;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows local users to affect confidentiality via unknown vectors related to Server Installation.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-serverinstallation-info-disc(79394) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79394";Assigned (20120606);"None (candidate not yet proposed)";"" 5.1.64;5;1;64;CVE-2012-3163;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Information Schema.";"CONFIRM:http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | SECUNIA:56509 | URL:http://secunia.com/advisories/56509 | SECUNIA:56513 | URL:http://secunia.com/advisories/56513 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-informationschema-cve20123163(79381) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79381";Assigned (20120606);"None (candidate not yet proposed)";"" 5.5.26;5;5;26;CVE-2012-3163;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Information Schema.";"CONFIRM:http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | SECUNIA:56509 | URL:http://secunia.com/advisories/56509 | SECUNIA:56513 | URL:http://secunia.com/advisories/56513 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-informationschema-cve20123163(79381) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79381";Assigned (20120606);"None (candidate not yet proposed)";"" 5.1.63;5;1;63;CVE-2012-3166;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1";Assigned (20120606);"None (candidate not yet proposed)";"" 5.5.25;5;5;25;CVE-2012-3166;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1";Assigned (20120606);"None (candidate not yet proposed)";"" 5.1.63;5;1;63;CVE-2012-3167;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-serverfulltextsearch-dos(79392) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79392";Assigned (20120606);"None (candidate not yet proposed)";"" 5.5.25;5;5;25;CVE-2012-3167;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-serverfulltextsearch-dos(79392) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79392";Assigned (20120606);"None (candidate not yet proposed)";"" 5.1.63;5;1;63;CVE-2012-3173;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-innodbplugin-dos(79386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79386";Assigned (20120606);"None (candidate not yet proposed)";"" 5.5.25;5;5;25;CVE-2012-3173;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-innodbplugin-dos(79386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79386";Assigned (20120606);"None (candidate not yet proposed)";"" 5.1.65;5;1;65;CVE-2012-3177;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-server-dos(79383) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79383";Assigned (20120606);"None (candidate not yet proposed)";"" 5.5.27;5;5;27;CVE-2012-3177;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-server-dos(79383) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79383";Assigned (20120606);"None (candidate not yet proposed)";"" 5.1.65;5;1;65;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-optimize-dos(79389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79389";Assigned (20120606);"None (candidate not yet proposed)";"" 5.5.27;5;5;27;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-optimize-dos(79389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79389";Assigned (20120606);"None (candidate not yet proposed)";"" 5.1.64;5;1;64;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-serverreplication-dos(79393) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79393";Assigned (20120606);"None (candidate not yet proposed)";"" 5.5.26;5;5;26;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | XF:mysqlserver-serverreplication-dos(79393) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79393";Assigned (20120606);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MISC:55498 | URL:http://www.securityfocus.com/bid/55498 | MISC:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MISC:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MISC:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | URL:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | URL:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | MISC:https://mariadb.atlassian.net/browse/MDEV-382 | URL:https://mariadb.atlassian.net/browse/MDEV-382 | MISC:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | MISC:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | MISC:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | MISC:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html";Assigned (20120821);"None (candidate not yet proposed)";"" 5.1.61;5;1;61;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MISC:55498 | URL:http://www.securityfocus.com/bid/55498 | MISC:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MISC:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MISC:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | URL:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | URL:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | MISC:https://mariadb.atlassian.net/browse/MDEV-382 | URL:https://mariadb.atlassian.net/browse/MDEV-382 | MISC:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | MISC:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | MISC:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | MISC:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html";Assigned (20120821);"None (candidate not yet proposed)";"" 5.2.11;5;2;11;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MISC:55498 | URL:http://www.securityfocus.com/bid/55498 | MISC:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MISC:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MISC:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | URL:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | URL:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | MISC:https://mariadb.atlassian.net/browse/MDEV-382 | URL:https://mariadb.atlassian.net/browse/MDEV-382 | MISC:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | MISC:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | MISC:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | MISC:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html";Assigned (20120821);"None (candidate not yet proposed)";"" 5.3.6;5;3;6;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MISC:55498 | URL:http://www.securityfocus.com/bid/55498 | MISC:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MISC:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MISC:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | URL:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | URL:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | MISC:https://mariadb.atlassian.net/browse/MDEV-382 | URL:https://mariadb.atlassian.net/browse/MDEV-382 | MISC:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | MISC:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | MISC:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | MISC:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html";Assigned (20120821);"None (candidate not yet proposed)";"" 5.5.24;5;5;24;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MISC:55498 | URL:http://www.securityfocus.com/bid/55498 | MISC:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | MISC:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MISC:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | URL:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | URL:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | MISC:https://mariadb.atlassian.net/browse/MDEV-382 | URL:https://mariadb.atlassian.net/browse/MDEV-382 | MISC:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | MISC:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | MISC:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | MISC:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html";Assigned (20120821);"None (candidate not yet proposed)";"" 5.1.65;5;1;65;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20120921);"None (candidate not yet proposed)";"" 5.5.27;5;5;27;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20120921);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2012-5096;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:16877 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16877 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20120922);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2013-0367;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:17077 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17077 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20121207);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2013-0368;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:17255 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17255 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20121207);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2013-0371;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:16451 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16451 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20121207);"None (candidate not yet proposed)";"" 5.1.66;5;1;66;CVE-2013-0375;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.1.28 and earlier; allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:17175 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17175 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20121207);"None (candidate not yet proposed)";"" 5.1.28;5;1;28;CVE-2013-0375;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.1.28 and earlier; allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:17175 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17175 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20121207);"None (candidate not yet proposed)";"" 5.1.66;5;1;66;CVE-2013-0383;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote attackers to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:16758 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16758 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20121207);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2013-0383;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote attackers to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:16758 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16758 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20121207);"None (candidate not yet proposed)";"" 5.1.66;5;1;66;CVE-2013-0384;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:16632 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16632 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20121207);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2013-0384;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:16632 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16632 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20121207);"None (candidate not yet proposed)";"" 5.1.66;5;1;66;CVE-2013-0385;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:16267 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16267 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20121207);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2013-0385;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:16267 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16267 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20121207);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2013-0386;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:16835 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16835 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20121207);"None (candidate not yet proposed)";"" 5.1.66;5;1;66;CVE-2013-0389;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:16825 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16825 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20121207);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2013-0389;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | OVAL:oval:org.mitre.oval:def:16825 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16825 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1";Assigned (20121207);"None (candidate not yet proposed)";"" 5.5.30;5;5;30;CVE-2013-1502;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)";"" 5.6.9;5;6;9;CVE-2013-1502;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)";"" 5.1.67;5;1;67;CVE-2013-1506;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; 5.5.29 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)";"" 5.5.29;5;5;29;CVE-2013-1506;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; 5.5.29 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)";"" 5.6.10;5;6;10;CVE-2013-1506;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; 5.5.29 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)";"" 5.1.67;5;1;67;CVE-2013-1521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)";"" 5.5.29;5;5;29;CVE-2013-1521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)";"" 5.5.29;5;5;29;CVE-2013-1523;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)";"" 5.6.10;5;6;10;CVE-2013-1523;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)";"" 5.5.29;5;5;29;CVE-2013-1526;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)";"" 5.1.66;5;1;66;CVE-2013-1531;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)";"" 5.5.28;5;5;28;CVE-2013-1531;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)";"" 5.1.63;5;1;63;CVE-2013-1548;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)";"" 5.1.67;5;1;67;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)";"" 5.5.29;5;5;29;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)";"" 5.5.29;5;5;29;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"BID:58511 | URL:http://www.securityfocus.com/bid/58511 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)";"" 5.3.12;5;3;12;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"BID:58511 | URL:http://www.securityfocus.com/bid/58511 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)";"" 5.2.14;5;2;14;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"BID:58511 | URL:http://www.securityfocus.com/bid/58511 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)";"" 5.1.67;5;1;67;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"BID:58511 | URL:http://www.securityfocus.com/bid/58511 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)";"" 5.1.68;5;1;68;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"BID:58511 | URL:http://www.securityfocus.com/bid/58511 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)";"" 5.5.30;5;5;30;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"BID:58511 | URL:http://www.securityfocus.com/bid/58511 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)";"" 5.6.10;5;6;10;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"BID:58511 | URL:http://www.securityfocus.com/bid/58511 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)";"" 5.6.10;5;6;10;CVE-2013-2381;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)";"" 5.1.68;5;1;68;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)";"" 5.5.30;5;5;30;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)";"" 5.6.10;5;6;10;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)";"" 5.1.68;5;1;68;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)";"" 5.5.30;5;5;30;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)";"" 5.6.10;5;6;10;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)";"" 5.5.31;5;5;31;CVE-2013-3783;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.";"BID:61210 | URL:http://www.securityfocus.com/bid/61210 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | OSVDB:95332 | URL:http://osvdb.org/95332 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:oracle-cpujuly2013-cve20133783(85719) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85719";Assigned (20130603);"None (candidate not yet proposed)";"" 5.5.31;5;5;31;CVE-2013-3793;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"BID:61264 | URL:http://www.securityfocus.com/bid/61264 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | OSVDB:95323 | URL:http://osvdb.org/95323 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:oracle-cpujuly2013-cve20133793(85710) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85710";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.11;5;6;11;CVE-2013-3793;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"BID:61264 | URL:http://www.securityfocus.com/bid/61264 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | OSVDB:95323 | URL:http://osvdb.org/95323 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:oracle-cpujuly2013-cve20133793(85710) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85710";Assigned (20130603);"None (candidate not yet proposed)";"" 5.5.30;5;5;30;CVE-2013-3794;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"BID:61222 | URL:http://www.securityfocus.com/bid/61222 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | OSVDB:95333 | URL:http://osvdb.org/95333 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.10;5;6;10;CVE-2013-3794;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"BID:61222 | URL:http://www.securityfocus.com/bid/61222 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | OSVDB:95333 | URL:http://osvdb.org/95333 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.11;5;6;11;CVE-2013-3795;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"BID:61241 | URL:http://www.securityfocus.com/bid/61241 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | OSVDB:95324 | URL:http://osvdb.org/95324 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.11;5;6;11;CVE-2013-3796;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"BID:61233 | URL:http://www.securityfocus.com/bid/61233 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | OSVDB:95329 | URL:http://osvdb.org/95329 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.11;5;6;11;CVE-2013-3798;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.";"BID:61274 | URL:http://www.securityfocus.com/bid/61274 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | OSVDB:95321 | URL:http://osvdb.org/95321 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html";Assigned (20130603);"None (candidate not yet proposed)";"" 5.5.30;5;5;30;CVE-2013-3801;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"BID:61269 | URL:http://www.securityfocus.com/bid/61269 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | OSVDB:95331 | URL:http://osvdb.org/95331 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.10;5;6;10;CVE-2013-3801;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"BID:61269 | URL:http://www.securityfocus.com/bid/61269 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | OSVDB:95331 | URL:http://osvdb.org/95331 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html";Assigned (20130603);"None (candidate not yet proposed)";"" 5.1.69;5;1;69;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"BID:61244 | URL:http://www.securityfocus.com/bid/61244 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85712";Assigned (20130603);"None (candidate not yet proposed)";"" 5.5.31;5;5;31;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"BID:61244 | URL:http://www.securityfocus.com/bid/61244 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85712";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.11;5;6;11;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"BID:61244 | URL:http://www.securityfocus.com/bid/61244 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85712";Assigned (20130603);"None (candidate not yet proposed)";"" 5.1.69;5;1;69;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85715";Assigned (20130603);"None (candidate not yet proposed)";"" 5.5.31;5;5;31;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85715";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.11;5;6;11;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85715";Assigned (20130603);"None (candidate not yet proposed)";"" 5.5.30;5;5;30;CVE-2013-3805;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | OSVDB:95327 | URL:http://osvdb.org/95327 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.10;5;6;10;CVE-2013-3805;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | OSVDB:95327 | URL:http://osvdb.org/95327 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.11;5;6;11;CVE-2013-3806;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-3811.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | OSVDB:95326 | URL:http://osvdb.org/95326 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | XF:oracle-cpujuly2013-cve20133806(85713) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85713";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.11;5;6;11;CVE-2013-3807;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | OSVDB:95334 | URL:http://osvdb.org/95334 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | XF:oracle-cpujuly2013-cve20133807(85721) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85721";Assigned (20130603);"None (candidate not yet proposed)";"" 5.1.68;5;1;68;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | XF:oracle-cpujuly2013-cve20133808(85717) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85717";Assigned (20130603);"None (candidate not yet proposed)";"" 5.5.30;5;5;30;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | XF:oracle-cpujuly2013-cve20133808(85717) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85717";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.10;5;6;10;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | XF:oracle-cpujuly2013-cve20133808(85717) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85717";Assigned (20130603);"None (candidate not yet proposed)";"" 5.5.31;5;5;31;CVE-2013-3809;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | OSVDB:95322 | URL:http://osvdb.org/95322 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:oracle-cpujuly2013-cve20133809(85709) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85709";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.11;5;6;11;CVE-2013-3809;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | OSVDB:95322 | URL:http://osvdb.org/95322 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:oracle-cpujuly2013-cve20133809(85709) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85709";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.11;5;6;11;CVE-2013-3810;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | OSVDB:95337 | URL:http://osvdb.org/95337 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | XF:oracle-cpujuly2013-cve20133810(85724) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85724";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.11;5;6;11;CVE-2013-3811;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-3806.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | OSVDB:95335 | URL:http://osvdb.org/95335 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | XF:oracle-cpujuly2013-cve20133811(85722) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85722";Assigned (20130603);"None (candidate not yet proposed)";"" 5.5.31;5;5;31;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85723";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.11;5;6;11;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85723";Assigned (20130603);"None (candidate not yet proposed)";"" 5.1.70;5;1;70;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"BID:63109 | URL:http://www.securityfocus.com/bid/63109 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291 | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1";Assigned (20130603);"None (candidate not yet proposed)";"" 5.5.32;5;5;32;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"BID:63109 | URL:http://www.securityfocus.com/bid/63109 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291 | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.12;5;6;12;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"BID:63109 | URL:http://www.securityfocus.com/bid/63109 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291 | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1";Assigned (20130603);"None (candidate not yet proposed)";"" 5.6.12;5;6;12;CVE-2013-5767;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"BID:63113 | URL:http://www.securityfocus.com/bid/63113 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)";"" 5.6.11;5;6;11;CVE-2013-5770;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"BID:63119 | URL:http://www.securityfocus.com/bid/63119 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)";"" 5.6.12;5;6;12;CVE-2013-5786;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5793.";"BID:63107 | URL:http://www.securityfocus.com/bid/63107 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)";"" 5.6.12;5;6;12;CVE-2013-5793;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5786.";"BID:63116 | URL:http://www.securityfocus.com/bid/63116 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)";"" 5.5.32;5;5;32;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"BID:63105 | URL:http://www.securityfocus.com/bid/63105 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1";Assigned (20130918);"None (candidate not yet proposed)";"" 5.6.12;5;6;12;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"BID:63105 | URL:http://www.securityfocus.com/bid/63105 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1";Assigned (20130918);"None (candidate not yet proposed)";"" 5.6.14;5;6;14;CVE-2013-5860;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64864 | URL:http://www.securityfocus.com/bid/64864 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135860(90373) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90373";Assigned (20130918);"None (candidate not yet proposed)";"" 5.6.14;5;6;14;CVE-2013-5881;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2014-0431.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64885 | URL:http://www.securityfocus.com/bid/64885 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102066 | URL:http://osvdb.org/102066 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135881(90377) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90377";Assigned (20130918);"None (candidate not yet proposed)";"" 5.6.13;5;6;13;CVE-2013-5882;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64854 | URL:http://www.securityfocus.com/bid/64854 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135882(90374) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90374";Assigned (20130918);"None (candidate not yet proposed)";"" 5.5.33;5;5;33;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102070 | URL:http://osvdb.org/102070 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1";Assigned (20130918);"None (candidate not yet proposed)";"" 5.6.13;5;6;13;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102070 | URL:http://osvdb.org/102070 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1";Assigned (20130918);"None (candidate not yet proposed)";"" 5.6.13;5;6;13;CVE-2013-5894;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64873 | URL:http://www.securityfocus.com/bid/64873 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102065 | URL:http://osvdb.org/102065 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135894(90376) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90376";Assigned (20130918);"None (candidate not yet proposed)";"" 5.1.72;5;1;72;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102078 | URL:http://osvdb.org/102078 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20135908(90389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90389";Assigned (20130918);"None (candidate not yet proposed)";"" 5.5.34;5;5;34;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102078 | URL:http://osvdb.org/102078 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20135908(90389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90389";Assigned (20130918);"None (candidate not yet proposed)";"" 5.6.14;5;6;14;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102078 | URL:http://osvdb.org/102078 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20135908(90389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90389";Assigned (20130918);"None (candidate not yet proposed)";"" 5.5.34;5;5;34;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"MISC:102713 | URL:http://osvdb.org/102713 | MISC:102714 | URL:http://www.osvdb.org/102714 | MISC:1029708 | URL:http://www.securitytracker.com/id/1029708 | MISC:52161 | URL:http://secunia.com/advisories/52161 | MISC:65298 | URL:http://www.securityfocus.com/bid/65298 | MISC:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MISC:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | MISC:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | MISC:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | MISC:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | MISC:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | MISC:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | URL:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | MISC:https://mariadb.com/kb/en/mariadb-5535-changelog/ | URL:https://mariadb.com/kb/en/mariadb-5535-changelog/ | MISC:mysql-cve20140001-bo(90901) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90901";Assigned (20131203);"None (candidate not yet proposed)";"" 02.565.63;02;565;63;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"MISC:102713 | URL:http://osvdb.org/102713 | MISC:102714 | URL:http://www.osvdb.org/102714 | MISC:1029708 | URL:http://www.securitytracker.com/id/1029708 | MISC:52161 | URL:http://secunia.com/advisories/52161 | MISC:65298 | URL:http://www.securityfocus.com/bid/65298 | MISC:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MISC:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | MISC:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | MISC:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | MISC:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | MISC:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | MISC:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | URL:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | MISC:https://mariadb.com/kb/en/mariadb-5535-changelog/ | URL:https://mariadb.com/kb/en/mariadb-5535-changelog/ | MISC:mysql-cve20140001-bo(90901) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90901";Assigned (20131203);"None (candidate not yet proposed)";"" 5.5.35;5;5;35;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20131212);"None (candidate not yet proposed)";"" 5.6.15;5;6;15;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20131212);"None (candidate not yet proposed)";"" 5.1.71;5;1;71;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102069 | URL:http://osvdb.org/102069 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140386(90380) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90380";Assigned (20131212);"None (candidate not yet proposed)";"" 5.5.33;5;5;33;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102069 | URL:http://osvdb.org/102069 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140386(90380) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90380";Assigned (20131212);"None (candidate not yet proposed)";"" 5.6.13;5;6;13;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102069 | URL:http://osvdb.org/102069 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140386(90380) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90380";Assigned (20131212);"None (candidate not yet proposed)";"" 5.1.71;5;1;71;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102075 | URL:http://osvdb.org/102075 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140393(90386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90386";Assigned (20131212);"None (candidate not yet proposed)";"" 5.5.33;5;5;33;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102075 | URL:http://osvdb.org/102075 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140393(90386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90386";Assigned (20131212);"None (candidate not yet proposed)";"" 5.6.13;5;6;13;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102075 | URL:http://osvdb.org/102075 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140393(90386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90386";Assigned (20131212);"None (candidate not yet proposed)";"" 5.1.72;5;1;72;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102071 | URL:http://osvdb.org/102071 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140401(90382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90382";Assigned (20131212);"None (candidate not yet proposed)";"" 5.5.34;5;5;34;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102071 | URL:http://osvdb.org/102071 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140401(90382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90382";Assigned (20131212);"None (candidate not yet proposed)";"" 5.6.14;5;6;14;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102071 | URL:http://osvdb.org/102071 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140401(90382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90382";Assigned (20131212);"None (candidate not yet proposed)";"" 5.1.71;5;1;71;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102068 | URL:http://osvdb.org/102068 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140402(90379) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90379";Assigned (20131212);"None (candidate not yet proposed)";"" 5.5.33;5;5;33;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102068 | URL:http://osvdb.org/102068 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140402(90379) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90379";Assigned (20131212);"None (candidate not yet proposed)";"" 5.6.13;5;6;13;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102068 | URL:http://osvdb.org/102068 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140402(90379) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90379";Assigned (20131212);"None (candidate not yet proposed)";"" 5.1.72;5;1;72;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102067 | URL:http://osvdb.org/102067 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140412(90378) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90378";Assigned (20131212);"None (candidate not yet proposed)";"" 5.5.34;5;5;34;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102067 | URL:http://osvdb.org/102067 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140412(90378) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90378";Assigned (20131212);"None (candidate not yet proposed)";"" 5.6.14;5;6;14;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102067 | URL:http://osvdb.org/102067 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140412(90378) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90378";Assigned (20131212);"None (candidate not yet proposed)";"" 5.5.34;5;5;34;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102077 | URL:http://osvdb.org/102077 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140420(90388) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90388";Assigned (20131212);"None (candidate not yet proposed)";"" 5.6.14;5;6;14;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102077 | URL:http://osvdb.org/102077 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140420(90388) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90388";Assigned (20131212);"None (candidate not yet proposed)";"" 5.6.13;5;6;13;CVE-2014-0427;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64868 | URL:http://www.securityfocus.com/bid/64868 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102072 | URL:http://osvdb.org/102072 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140427(90383) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90383";Assigned (20131212);"None (candidate not yet proposed)";"" 5.6.13;5;6;13;CVE-2014-0430;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64893 | URL:http://www.securityfocus.com/bid/64893 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102076 | URL:http://osvdb.org/102076 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140430(90387) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90387";Assigned (20131212);"None (candidate not yet proposed)";"" 5.6.14;5;6;14;CVE-2014-0431;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5881.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64897 | URL:http://www.securityfocus.com/bid/64897 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102073 | URL:http://osvdb.org/102073 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140431(90384) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90384";Assigned (20131212);"None (candidate not yet proposed)";"" 5.6.13;5;6;13;CVE-2014-0433;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64895 | URL:http://www.securityfocus.com/bid/64895 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140433(90375) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90375";Assigned (20131212);"None (candidate not yet proposed)";"" 5.1.72;5;1;72;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102074 | URL:http://osvdb.org/102074 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140437(90385) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90385";Assigned (20131212);"None (candidate not yet proposed)";"" 5.5.34;5;5;34;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102074 | URL:http://osvdb.org/102074 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140437(90385) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90385";Assigned (20131212);"None (candidate not yet proposed)";"" 5.6.14;5;6;14;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | OSVDB:102074 | URL:http://osvdb.org/102074 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | XF:oracle-cpujan2014-cve20140437(90385) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90385";Assigned (20131212);"None (candidate not yet proposed)";"" 5.5.35;5;5;35;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"BID:66880 | URL:http://www.securityfocus.com/bid/66880 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.6.15;5;6;15;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"BID:66880 | URL:http://www.securityfocus.com/bid/66880 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.5.36;5;5;36;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"BID:66858 | URL:http://www.securityfocus.com/bid/66858 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.6.16;5;6;16;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"BID:66858 | URL:http://www.securityfocus.com/bid/66858 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.5.36;5;5;36;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"BID:66890 | URL:http://www.securityfocus.com/bid/66890 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.6.16;5;6;16;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"BID:66890 | URL:http://www.securityfocus.com/bid/66890 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.5.35;5;5;35;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"BID:66875 | URL:http://www.securityfocus.com/bid/66875 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.6.15;5;6;15;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"BID:66875 | URL:http://www.securityfocus.com/bid/66875 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.6.15;5;6;15;CVE-2014-2434;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"BID:66872 | URL:http://www.securityfocus.com/bid/66872 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml";Assigned (20140313);"None (candidate not yet proposed)";"" 5.6.16;5;6;16;CVE-2014-2435;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"BID:66853 | URL:http://www.securityfocus.com/bid/66853 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml";Assigned (20140313);"None (candidate not yet proposed)";"" 5.5.36;5;5;36;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"BID:66896 | URL:http://www.securityfocus.com/bid/66896 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.6.16;5;6;16;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"BID:66896 | URL:http://www.securityfocus.com/bid/66896 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.5.35;5;5;35;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"BID:66846 | URL:http://www.securityfocus.com/bid/66846 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.6.15;5;6;15;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"BID:66846 | URL:http://www.securityfocus.com/bid/66846 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.6.15;5;6;15;CVE-2014-2442;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.6.15;5;6;15;CVE-2014-2444;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.6.15;5;6;15;CVE-2014-2450;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.6.15;5;6;15;CVE-2014-2451;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.6.17;5;6;17;CVE-2014-2484;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRFTS.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.5.37;5;5;37;CVE-2014-2494;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140313);"None (candidate not yet proposed)";"" 5.5.37;5;5;37;CVE-2014-4207;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BID:68593 | URL:http://www.securityfocus.com/bid/68593 | BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | XF:oracle-cpujul2014-cve20144207(94624) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94624";Assigned (20140617);"None (candidate not yet proposed)";"" 5.6.17;5;6;17;CVE-2014-4214;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.";"BID:68607 | URL:http://www.securityfocus.com/bid/68607 | BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | XF:oracle-cpujul2014-cve20144214(94627) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94627";Assigned (20140617);"None (candidate not yet proposed)";"" 5.6.17;5;6;17;CVE-2014-4233;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.";"BID:68598 | URL:http://www.securityfocus.com/bid/68598 | BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | XF:oracle-cpujul2014-cve20144233(94625) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94625";Assigned (20140617);"None (candidate not yet proposed)";"" 5.6.17;5;6;17;CVE-2014-4238;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BID:68587 | URL:http://www.securityfocus.com/bid/68587 | BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | XF:oracle-cpujul2014-cve20144238(94623) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94623";Assigned (20140617);"None (candidate not yet proposed)";"" 5.6.17;5;6;17;CVE-2014-4240;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.";"BID:68602 | URL:http://www.securityfocus.com/bid/68602 | BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | XF:oracle-cpujul2014-cve20144240(94626) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94626";Assigned (20140617);"None (candidate not yet proposed)";"" 5.5.35;5;5;35;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BID:68611 | URL:http://www.securityfocus.com/bid/68611 | BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | XF:oracle-cpujul2014-cve20144243(94628) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94628";Assigned (20140617);"None (candidate not yet proposed)";"" 5.6.15;5;6;15;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BID:68611 | URL:http://www.securityfocus.com/bid/68611 | BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | XF:oracle-cpujul2014-cve20144243(94628) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94628";Assigned (20140617);"None (candidate not yet proposed)";"" 5.5.37;5;5;37;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BID:68564 | URL:http://www.securityfocus.com/bid/68564 | BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | XF:oracle-cpujul2014-cve20144258(94620) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94620";Assigned (20140617);"None (candidate not yet proposed)";"" 5.6.17;5;6;17;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BID:68564 | URL:http://www.securityfocus.com/bid/68564 | BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | XF:oracle-cpujul2014-cve20144258(94620) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94620";Assigned (20140617);"None (candidate not yet proposed)";"" 5.5.37;5;5;37;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BID:68573 | URL:http://www.securityfocus.com/bid/68573 | BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | XF:oracle-cpujul2014-cve20144260(94621) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94621";Assigned (20140617);"None (candidate not yet proposed)";"" 5.6.17;5;6;17;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BID:68573 | URL:http://www.securityfocus.com/bid/68573 | BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | XF:oracle-cpujul2014-cve20144260(94621) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94621";Assigned (20140617);"None (candidate not yet proposed)";"" 5.5.38;5;5;38;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"BID:69732 | URL:http://www.securityfocus.com/bid/69732 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140617);"None (candidate not yet proposed)";"" 5.6.19;5;6;19;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"BID:69732 | URL:http://www.securityfocus.com/bid/69732 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140617);"None (candidate not yet proposed)";"" 5.5.38;5;5;38;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"BID:70517 | URL:http://www.securityfocus.com/bid/70517 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140617);"None (candidate not yet proposed)";"" 5.6.19;5;6;19;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"BID:70517 | URL:http://www.securityfocus.com/bid/70517 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140617);"None (candidate not yet proposed)";"" 5.5.38;5;5;38;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"BID:70532 | URL:http://www.securityfocus.com/bid/70532 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.19;5;6;19;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"BID:70532 | URL:http://www.securityfocus.com/bid/70532 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.39;5;5;39;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"BID:70451 | URL:http://www.securityfocus.com/bid/70451 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.20;5;6;20;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"BID:70451 | URL:http://www.securityfocus.com/bid/70451 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.39;5;5;39;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"BID:70446 | URL:http://www.securityfocus.com/bid/70446 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.20;5;6;20;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"BID:70446 | URL:http://www.securityfocus.com/bid/70446 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.19;5;6;19;CVE-2014-6474;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.38;5;5;38;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"BID:70489 | URL:http://www.securityfocus.com/bid/70489 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.19;5;6;19;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"BID:70489 | URL:http://www.securityfocus.com/bid/70489 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.38;5;5;38;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"BID:70455 | URL:http://www.securityfocus.com/bid/70455 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.19;5;6;19;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"BID:70455 | URL:http://www.securityfocus.com/bid/70455 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.19;5;6;19;CVE-2014-6489;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.";"BID:70525 | URL:http://www.securityfocus.com/bid/70525 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.39;5;5;39;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"BID:70444 | URL:http://www.securityfocus.com/bid/70444 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.20;5;6;20;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"BID:70444 | URL:http://www.securityfocus.com/bid/70444 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.39;5;5;39;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"BID:70497 | URL:http://www.securityfocus.com/bid/70497 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.20;5;6;20;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"BID:70497 | URL:http://www.securityfocus.com/bid/70497 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.38;5;5;38;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"BID:70496 | URL:http://www.securityfocus.com/bid/70496 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.19;5;6;19;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"BID:70496 | URL:http://www.securityfocus.com/bid/70496 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.39;5;5;39;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"BID:70469 | URL:http://www.securityfocus.com/bid/70469 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.20;5;6;20;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"BID:70469 | URL:http://www.securityfocus.com/bid/70469 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.39;5;5;39;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"BID:70478 | URL:http://www.securityfocus.com/bid/70478 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.20;5;6;20;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"BID:70478 | URL:http://www.securityfocus.com/bid/70478 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.38;5;5;38;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"BID:70516 | URL:http://www.securityfocus.com/bid/70516 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.19;5;6;19;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"BID:70516 | URL:http://www.securityfocus.com/bid/70516 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.39;5;5;39;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"BID:70550 | URL:http://www.securityfocus.com/bid/70550 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.20;5;6;20;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"BID:70550 | URL:http://www.securityfocus.com/bid/70550 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.38;5;5;38;CVE-2014-6520;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.";"BID:70510 | URL:http://www.securityfocus.com/bid/70510 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.38;5;5;38;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"BID:70486 | URL:http://www.securityfocus.com/bid/70486 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.19;5;6;19;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"BID:70486 | URL:http://www.securityfocus.com/bid/70486 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.38;5;5;38;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"BID:70462 | URL:http://www.securityfocus.com/bid/70462 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.19;5;6;19;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"BID:70462 | URL:http://www.securityfocus.com/bid/70462 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.39;5;5;39;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"BID:70530 | URL:http://www.securityfocus.com/bid/70530 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.20;5;6;20;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"BID:70530 | URL:http://www.securityfocus.com/bid/70530 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.39;5;5;39;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"BID:70487 | URL:http://www.securityfocus.com/bid/70487 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.20;5;6;20;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"BID:70487 | URL:http://www.securityfocus.com/bid/70487 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.19;5;6;19;CVE-2014-6564;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.";"BID:70511 | URL:http://www.securityfocus.com/bid/70511 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.40;5;5;40;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"BID:72210 | URL:http://www.securityfocus.com/bid/72210 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1";Assigned (20140917);"None (candidate not yet proposed)";"" 5.6.21;5;6;21;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"BID:72210 | URL:http://www.securityfocus.com/bid/72210 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1";Assigned (20140917);"None (candidate not yet proposed)";"" 5.5.40;5;5;40;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"BID:72227 | URL:http://www.securityfocus.com/bid/72227 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | XF:oracle-cpujan2015-cve20150374(100191) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100191";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.21;5;6;21;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"BID:72227 | URL:http://www.securityfocus.com/bid/72227 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | XF:oracle-cpujan2015-cve20150374(100191) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100191";Assigned (20141217);"None (candidate not yet proposed)";"" 5.5.40;5;5;40;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"BID:72214 | URL:http://www.securityfocus.com/bid/72214 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | XF:oracle-cpujan2015-cve20150381(100185) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100185";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.21;5;6;21;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"BID:72214 | URL:http://www.securityfocus.com/bid/72214 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | XF:oracle-cpujan2015-cve20150381(100185) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100185";Assigned (20141217);"None (candidate not yet proposed)";"" 5.5.40;5;5;40;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"BID:72200 | URL:http://www.securityfocus.com/bid/72200 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | XF:oracle-cpujan2015-cve20150382(100184) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100184";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.21;5;6;21;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"BID:72200 | URL:http://www.securityfocus.com/bid/72200 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | XF:oracle-cpujan2015-cve20150382(100184) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100184";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.21;5;6;21;CVE-2015-0385;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.";"BID:72229 | URL:http://www.securityfocus.com/bid/72229 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150385(100190) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100190";Assigned (20141217);"None (candidate not yet proposed)";"" 5.5.38;5;5;38;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"BID:72205 | URL:http://www.securityfocus.com/bid/72205 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | XF:oracle-cpujan2015-cve20150391(100186) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100186";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.19;5;6;19;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"BID:72205 | URL:http://www.securityfocus.com/bid/72205 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | XF:oracle-cpujan2015-cve20150391(100186) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100186";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.22;5;6;22;CVE-2015-0405;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.21;5;6;21;CVE-2015-0409;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"BID:72223 | URL:http://www.securityfocus.com/bid/72223 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150409(100188) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100188";Assigned (20141217);"None (candidate not yet proposed)";"" 5.5.40;5;5;40;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"BID:72191 | URL:http://www.securityfocus.com/bid/72191 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | XF:oracle-cpujan2015-cve20150411(100183) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100183";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.21;5;6;21;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"BID:72191 | URL:http://www.securityfocus.com/bid/72191 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | XF:oracle-cpujan2015-cve20150411(100183) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100183";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.22;5;6;22;CVE-2015-0423;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)";"" 5.5.40;5;5;40;CVE-2015-0432;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.";"BID:72217 | URL:http://www.securityfocus.com/bid/72217 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | XF:oracle-cpujan2015-cve20150432(100187) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100187";Assigned (20141217);"None (candidate not yet proposed)";"" 5.5.41;5;5;41;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.22;5;6;22;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.22;5;6;22;CVE-2015-0438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.22;5;6;22;CVE-2015-0439;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-4756.";"BID:74085 | URL:http://www.securityfocus.com/bid/74085 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)";"" 5.5.41;5;5;41;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.22;5;6;22;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-0498;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)";"" 5.5.42;5;5;42;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-0500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"BID:74081 | URL:http://www.securityfocus.com/bid/74081 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)";"" 5.5.42;5;5;42;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-0503;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)";"" 5.5.42;5;5;42;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"BID:74112 | URL:http://www.securityfocus.com/bid/74112 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"BID:74112 | URL:http://www.securityfocus.com/bid/74112 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-0506;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2015-0508.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-0507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-0508;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0506.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-0511;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)";"" 2.2.12;2;2;12;CVE-2015-1027;Candidate;"The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.";"CONFIRM:https://bugs.launchpad.net/percona-toolkit/+bug/1408375 | CONFIRM:https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/";Assigned (20150110);"None (candidate not yet proposed)";"" 2.2.8;2;2;8;CVE-2015-1027;Candidate;"The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.";"CONFIRM:https://bugs.launchpad.net/percona-toolkit/+bug/1408375 | CONFIRM:https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/";Assigned (20150110);"None (candidate not yet proposed)";"" 5.6.22;5;6;22;CVE-2015-2566;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-2567;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)";"" 5.5.41;5;5;41;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"BID:74073 | URL:http://www.securityfocus.com/bid/74073 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.6.22;5;6;22;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"BID:74073 | URL:http://www.securityfocus.com/bid/74073 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.5.42;5;5;42;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"BID:74095 | URL:http://www.securityfocus.com/bid/74095 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"BID:74095 | URL:http://www.securityfocus.com/bid/74095 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"BID:74078 | URL:http://www.securityfocus.com/bid/74078 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"BID:74078 | URL:http://www.securityfocus.com/bid/74078 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"BID:75751 | URL:http://www.securityfocus.com/bid/75751 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"BID:75751 | URL:http://www.securityfocus.com/bid/75751 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"BID:75762 | URL:http://www.securityfocus.com/bid/75762 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"BID:75774 | URL:http://www.securityfocus.com/bid/75774 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"BID:75837 | URL:http://www.securityfocus.com/bid/75837 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"BID:75837 | URL:http://www.securityfocus.com/bid/75837 | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"BID:75760 | URL:http://www.securityfocus.com/bid/75760 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"BID:75815 | URL:http://www.securityfocus.com/bid/75815 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"BID:75830 | URL:http://www.securityfocus.com/bid/75830 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"BID:75830 | URL:http://www.securityfocus.com/bid/75830 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"BID:75822 | URL:http://www.securityfocus.com/bid/75822 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"BID:75822 | URL:http://www.securityfocus.com/bid/75822 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"BID:75813 | URL:http://www.securityfocus.com/bid/75813 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)";"" 5.7.2;5;7;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BID:74398 | URL:http://www.securityfocus.com/bid/74398 | BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/535397/100/1100/threaded | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)";"" 6.1.2;6;1;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BID:74398 | URL:http://www.securityfocus.com/bid/74398 | BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/535397/100/1100/threaded | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)";"" 5.5.43;5;5;43;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BID:74398 | URL:http://www.securityfocus.com/bid/74398 | BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/535397/100/1100/threaded | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)";"" 5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"BID:75802 | URL:http://www.securityfocus.com/bid/75802 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"BID:75802 | URL:http://www.securityfocus.com/bid/75802 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"BID:75849 | URL:http://www.securityfocus.com/bid/75849 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"BID:75849 | URL:http://www.securityfocus.com/bid/75849 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"BID:75785 | URL:http://www.securityfocus.com/bid/75785 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html";Assigned (20150624);"None (candidate not yet proposed)";"" 5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"BID:75759 | URL:http://www.securityfocus.com/bid/75759 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"BID:75759 | URL:http://www.securityfocus.com/bid/75759 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.24;5;6;24;CVE-2015-4761;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"BID:75770 | URL:http://www.securityfocus.com/bid/75770 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.25;5;6;25;CVE-2015-4766;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.";"BID:77232 | URL:http://www.securityfocus.com/bid/77232 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"BID:75844 | URL:http://www.securityfocus.com/bid/75844 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"BID:75753 | URL:http://www.securityfocus.com/bid/75753 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"BID:75835 | URL:http://www.securityfocus.com/bid/75835 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"BID:75781 | URL:http://www.securityfocus.com/bid/75781 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911 | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2015-4791;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"BID:77213 | URL:http://www.securityfocus.com/bid/77213 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)";"" 5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"BID:77171 | URL:http://www.securityfocus.com/bid/77171 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"BID:77171 | URL:http://www.securityfocus.com/bid/77171 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2015-4800;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"BID:77216 | URL:http://www.securityfocus.com/bid/77216 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.5.45;5;5;45;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"BID:77165 | URL:http://www.securityfocus.com/bid/77165 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"BID:77165 | URL:http://www.securityfocus.com/bid/77165 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.5.45;5;5;45;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"BID:77222 | URL:http://www.securityfocus.com/bid/77222 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"BID:77222 | URL:http://www.securityfocus.com/bid/77222 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.5.44;5;5;44;CVE-2015-4816;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"BID:77134 | URL:http://www.securityfocus.com/bid/77134 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.5.44;5;5;44;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"BID:77196 | URL:http://www.securityfocus.com/bid/77196 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.25;5;6;25;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"BID:77196 | URL:http://www.securityfocus.com/bid/77196 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.5.45;5;5;45;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"BID:77237 | URL:http://www.securityfocus.com/bid/77237 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"BID:77237 | URL:http://www.securityfocus.com/bid/77237 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.5.45;5;5;45;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"BID:77228 | URL:http://www.securityfocus.com/bid/77228 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"BID:77228 | URL:http://www.securityfocus.com/bid/77228 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.25;5;6;25;CVE-2015-4833;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"BID:77170 | URL:http://www.securityfocus.com/bid/77170 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.5.45;5;5;45;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"BID:77190 | URL:http://www.securityfocus.com/bid/77190 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"BID:77190 | URL:http://www.securityfocus.com/bid/77190 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.5.45;5;5;45;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"BID:77145 | URL:http://www.securityfocus.com/bid/77145 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"BID:77145 | URL:http://www.securityfocus.com/bid/77145 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.5.45;5;5;45;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"BID:77137 | URL:http://www.securityfocus.com/bid/77137 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"BID:77137 | URL:http://www.securityfocus.com/bid/77137 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2015-4862;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"BID:77147 | URL:http://www.securityfocus.com/bid/77147 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.5.43;5;5;43;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"BID:77187 | URL:http://www.securityfocus.com/bid/77187 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.24;5;6;24;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"BID:77187 | URL:http://www.securityfocus.com/bid/77187 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-4866;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"BID:77132 | URL:http://www.securityfocus.com/bid/77132 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.5.45;5;5;45;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"BID:77208 | URL:http://www.securityfocus.com/bid/77208 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | EXPLOIT-DB:39867 | URL:https://www.exploit-db.com/exploits/39867/ | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"BID:77208 | URL:http://www.securityfocus.com/bid/77208 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | EXPLOIT-DB:39867 | URL:https://www.exploit-db.com/exploits/39867/ | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.5.44;5;5;44;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"BID:77140 | URL:http://www.securityfocus.com/bid/77140 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.25;5;6;25;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"BID:77140 | URL:http://www.securityfocus.com/bid/77140 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2015-4890;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.";"BID:77231 | URL:http://www.securityfocus.com/bid/77231 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.25;5;6;25;CVE-2015-4895;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"BID:77136 | URL:http://www.securityfocus.com/bid/77136 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.25;5;6;25;CVE-2015-4904;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.";"BID:77219 | URL:http://www.securityfocus.com/bid/77219 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.23;5;6;23;CVE-2015-4905;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.";"BID:77143 | URL:http://www.securityfocus.com/bid/77143 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2015-4910;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"BID:77234 | URL:http://www.securityfocus.com/bid/77234 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.5.45;5;5;45;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"BID:77153 | URL:http://www.securityfocus.com/bid/77153 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"BID:77153 | URL:http://www.securityfocus.com/bid/77153 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1";Assigned (20150624);"None (candidate not yet proposed)";"" 5.6.27;5;6;27;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)";"" 2.17.0;2;17;0;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)";"" 10.0.21;10;0;21;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)";"" 2.21.1;2;21;1;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)";"" 5.4.42;5;4;42;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)";"" 5.5.26;5;5;26;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)";"" 5.6.10;5;6;10;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)";"" 5.5.45;5;5;45;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"BID:81066 | URL:http://www.securityfocus.com/bid/81066 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708 | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1";Assigned (20151209);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"BID:81066 | URL:http://www.securityfocus.com/bid/81066 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708 | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1";Assigned (20151209);"None (candidate not yet proposed)";"" 5.7.8;5;7;8;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"BID:81066 | URL:http://www.securityfocus.com/bid/81066 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708 | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1";Assigned (20151209);"None (candidate not yet proposed)";"" 5.5.46;5;5;46;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"BID:81066 | URL:http://www.securityfocus.com/bid/81066 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708 | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1";Assigned (20151209);"None (candidate not yet proposed)";"" 10.0.22;10;0;22;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"BID:81066 | URL:http://www.securityfocus.com/bid/81066 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708 | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1";Assigned (20151209);"None (candidate not yet proposed)";"" 10.1.9;10;1;9;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"BID:81066 | URL:http://www.securityfocus.com/bid/81066 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708 | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1";Assigned (20151209);"None (candidate not yet proposed)";"" 3.16.0;3;16;0;CVE-2016-10550;Candidate;"sequelize is an Object-relational mapping; or a middleman to convert things from Postgres; MySQL; MariaDB; SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the `limit` or `order` parameters; a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier.";"MISC:https://github.com/sequelize/sequelize/pull/5167/commits/f282d85e60e3df5e57ecdb82adccb4eaef404f03 | MISC:https://nodesecurity.io/advisories/112";Assigned (20171029);"None (candidate not yet proposed)";"" 2.1.3;2;1;3;CVE-2016-10553;Candidate;"sequelize is an Object-relational mapping; or a middleman to convert things from Postgres; MySQL; MariaDB; SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier.";"MISC:https://github.com/sequelize/sequelize/blob/master/changelog.md#300 | MISC:https://nodesecurity.io/advisories/109";Assigned (20171029);"None (candidate not yet proposed)";"" 1.7.-1;1;7;-1;CVE-2016-10554;Candidate;"sequelize is an Object-relational mapping; or a middleman to convert things from Postgres; MySQL; MariaDB; SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3; sequelize defaulted SQLite to use MySQL backslash escaping; even though SQLite uses Postgres escaping.";"MISC:https://github.com/sequelize/sequelize/commit/c876192aa6ce1f67e22b26a4d175b8478615f42d | MISC:https://nodesecurity.io/advisories/113";Assigned (20171029);"None (candidate not yet proposed)";"" 3.19.3;3;19;3;CVE-2016-10556;Candidate;"sequelize is an Object-relational mapping; or a middleman to convert things from Postgres; MySQL; MariaDB; SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres; SQLite; and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier; where a malicious user could put `[""test""; ""'); DELETE TestTable WHERE Id = 1 --')""]` inside of ``` database.query('SELECT * FROM TestTable WHERE Name IN (:names)'; { replacements: { names: directCopyOfUserInput } }); ``` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test'; '\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres; MSSQL; and SQLite; the backslash has no special meaning. This causes the the statement to delete whichever Id has a value of 1 in the TestTable table.";"MISC:https://github.com/sequelize/sequelize/issues/5671 | MISC:https://nodesecurity.io/advisories/102";Assigned (20171029);"None (candidate not yet proposed)";"" 5.5.46;5;5;46;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"BID:81810 | URL:http://www.securityfocus.com/bid/81810 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606 | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1";Assigned (20160122);"None (candidate not yet proposed)";"" 10.0.22;10;0;22;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"BID:81810 | URL:http://www.securityfocus.com/bid/81810 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606 | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1";Assigned (20160122);"None (candidate not yet proposed)";"" 10.1.9;10;1;9;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"BID:81810 | URL:http://www.securityfocus.com/bid/81810 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606 | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1";Assigned (20160122);"None (candidate not yet proposed)";"" 5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"BID:81810 | URL:http://www.securityfocus.com/bid/81810 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606 | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1";Assigned (20160122);"None (candidate not yet proposed)";"" 5.6.28;5;6;28;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"BID:81810 | URL:http://www.securityfocus.com/bid/81810 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606 | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1";Assigned (20160122);"None (candidate not yet proposed)";"" 5.7.10;5;7;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"BID:81810 | URL:http://www.securityfocus.com/bid/81810 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606 | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1";Assigned (20160122);"None (candidate not yet proposed)";"" 5.7.12;5;7;12;CVE-2016-3424;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91976 | URL:http://www.securityfocus.com/bid/91976 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.7.11;5;7;11;CVE-2016-3440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91910 | URL:http://www.securityfocus.com/bid/91910 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)";"" 5.5.47;5;5;47;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)";"" 5.6.28;5;6;28;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)";"" 5.7.9;5;7;9;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)";"" 5.5.48;5;5;48;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)";"" 10.0.24;10;0;24;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)";"" 10.1.13;10;1;13;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)";"" 5.6.29;5;6;29;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.7.11;5;7;11;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 10.0.24;10;0;24;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 10.1.13;10;1;13;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 3.0.25;3;0;25;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | MISC:https://www.tenable.com/security/research/tra-2016-11 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)";"" 3.1.2;3;1;2;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | MISC:https://www.tenable.com/security/research/tra-2016-11 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)";"" 5.5.45;5;5;45;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)";"" 5.6.26;5;6;26;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)";"" 5.5.48;5;5;48;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.6.29;5;6;29;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.7.11;5;7;11;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.5.49;5;5;49;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 10.0.25;10;0;25;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 10.1.14;10;1;14;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.6.30;5;6;30;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.7.12;5;7;12;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.5.51;5;5;51;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"BID:93650 | URL:http://www.securityfocus.com/bid/93650 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160317);"None (candidate not yet proposed)";"" 5.6.32;5;6;32;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"BID:93650 | URL:http://www.securityfocus.com/bid/93650 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160317);"None (candidate not yet proposed)";"" 5.7.14;5;7;14;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"BID:93650 | URL:http://www.securityfocus.com/bid/93650 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160317);"None (candidate not yet proposed)";"" 5.7.13;5;7;13;CVE-2016-3495;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"BID:93670 | URL:http://www.securityfocus.com/bid/93670 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160317);"None (candidate not yet proposed)";"" 5.6.30;5;6;30;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.7.12;5;7;12;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.7.12;5;7;12;CVE-2016-3518;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91967 | URL:http://www.securityfocus.com/bid/91967 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.5.48;5;5;48;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.6.29;5;6;29;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.7.11;5;7;11;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.5.49;5;5;49;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 10.0.25;10;0;25;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 10.1.14;10;1;14;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.7.12;5;7;12;CVE-2016-3588;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91983 | URL:http://www.securityfocus.com/bid/91983 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.6.30;5;6;30;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91992 | URL:http://www.securityfocus.com/bid/91992 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.7.12;5;7;12;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91992 | URL:http://www.securityfocus.com/bid/91992 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.5.48;5;5;48;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.6.29;5;6;29;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.7.11;5;7;11;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.5.49;5;5;49;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 10.0.25;10;0;25;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 10.1.14;10;1;14;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160317);"None (candidate not yet proposed)";"" 5.7.12;5;7;12;CVE-2016-5436;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91906 | URL:http://www.securityfocus.com/bid/91906 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.12;5;7;12;CVE-2016-5437;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91917 | URL:http://www.securityfocus.com/bid/91917 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160616);"None (candidate not yet proposed)";"" 5.6.30;5;6;30;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91969 | URL:http://www.securityfocus.com/bid/91969 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.12;5;7;12;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91969 | URL:http://www.securityfocus.com/bid/91969 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160616);"None (candidate not yet proposed)";"" 5.5.48;5;5;48;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160616);"None (candidate not yet proposed)";"" 5.6.29;5;6;29;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.11;5;7;11;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160616);"None (candidate not yet proposed)";"" 5.5.49;5;5;49;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160616);"None (candidate not yet proposed)";"" 10.0.25;10;0;25;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160616);"None (candidate not yet proposed)";"" 10.1.14;10;1;14;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.12;5;7;12;CVE-2016-5441;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91915 | URL:http://www.securityfocus.com/bid/91915 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.12;5;7;12;CVE-2016-5442;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91974 | URL:http://www.securityfocus.com/bid/91974 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.12;5;7;12;CVE-2016-5443;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91963 | URL:http://www.securityfocus.com/bid/91963 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1";Assigned (20160616);"None (candidate not yet proposed)";"" 5.5.47;5;5;47;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)";"" 5.6.28;5;6;28;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.10;5;7;10;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)";"" 5.5.48;5;5;48;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)";"" 10.0.24;10;0;24;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)";"" 10.1.13;10;1;13;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)";"" 5.6.32;5;6;32;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"BID:93678 | URL:http://www.securityfocus.com/bid/93678 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.14;5;7;14;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"BID:93678 | URL:http://www.securityfocus.com/bid/93678 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.5.52;5;5;52;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"BID:93735 | URL:http://www.securityfocus.com/bid/93735 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.6.33;5;6;33;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"BID:93735 | URL:http://www.securityfocus.com/bid/93735 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.15;5;7;15;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"BID:93735 | URL:http://www.securityfocus.com/bid/93735 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.14;5;7;14;CVE-2016-5625;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Packaging.";"BID:93617 | URL:http://www.securityfocus.com/bid/93617 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.6.31;5;6;31;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"BID:93642 | URL:http://www.securityfocus.com/bid/93642 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.13;5;7;13;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"BID:93642 | URL:http://www.securityfocus.com/bid/93642 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.13;5;7;13;CVE-2016-5628;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.";"BID:93662 | URL:http://www.securityfocus.com/bid/93662 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.5.51;5;5;51;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"BID:93668 | URL:http://www.securityfocus.com/bid/93668 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.6.32;5;6;32;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"BID:93668 | URL:http://www.securityfocus.com/bid/93668 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.14;5;7;14;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"BID:93668 | URL:http://www.securityfocus.com/bid/93668 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.6.31;5;6;31;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"BID:93674 | URL:http://www.securityfocus.com/bid/93674 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.13;5;7;13;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"BID:93674 | URL:http://www.securityfocus.com/bid/93674 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.13;5;7;13;CVE-2016-5631;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.";"BID:93684 | URL:http://www.securityfocus.com/bid/93684 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.14;5;7;14;CVE-2016-5632;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"BID:93693 | URL:http://www.securityfocus.com/bid/93693 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.13;5;7;13;CVE-2016-5633;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-8290.";"BID:93702 | URL:http://www.securityfocus.com/bid/93702 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.7.13;5;7;13;CVE-2016-5635;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.";"BID:93715 | URL:http://www.securityfocus.com/bid/93715 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)";"" 5.5.51;5;5;51;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"BID:92912 | URL:http://www.securityfocus.com/bid/92912 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)";"" 5.6.32;5;6;32;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"BID:92912 | URL:http://www.securityfocus.com/bid/92912 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)";"" 5.7.14;5;7;14;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"BID:92912 | URL:http://www.securityfocus.com/bid/92912 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)";"" 5.5.50;5;5;50;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"BID:92912 | URL:http://www.securityfocus.com/bid/92912 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)";"" 10.0.26;10;0;26;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"BID:92912 | URL:http://www.securityfocus.com/bid/92912 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)";"" 10.1.16;10;1;16;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"BID:92912 | URL:http://www.securityfocus.com/bid/92912 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)";"" 5.6.31;5;6;31;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"BID:92912 | URL:http://www.securityfocus.com/bid/92912 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)";"" 5.7.13;5;7;13;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"BID:92912 | URL:http://www.securityfocus.com/bid/92912 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)";"" 5.5.51;5;5;51;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html";Assigned (20160810);"None (candidate not yet proposed)";"" 5.6.32;5;6;32;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html";Assigned (20160810);"None (candidate not yet proposed)";"" 5.7.14;5;7;14;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html";Assigned (20160810);"None (candidate not yet proposed)";"" 8.0.0;8;0;0;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html";Assigned (20160810);"None (candidate not yet proposed)";"" 10.0.27;10;0;27;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html";Assigned (20160810);"None (candidate not yet proposed)";"" 10.1.17;10;1;17;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html";Assigned (20160810);"None (candidate not yet proposed)";"" 5.5.50;5;5;50;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html";Assigned (20160810);"None (candidate not yet proposed)";"" 5.6.31;5;6;31;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html";Assigned (20160810);"None (candidate not yet proposed)";"" 5.7.13;5;7;13;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html";Assigned (20160810);"None (candidate not yet proposed)";"" 5.5.40;5;5;40;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html";Assigned (20160810);"None (candidate not yet proposed)";"" 5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BID:93612 | URL:http://www.securityfocus.com/bid/93612 | BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/539695/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574";Assigned (20160810);"None (candidate not yet proposed)";"" 5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BID:93612 | URL:http://www.securityfocus.com/bid/93612 | BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/539695/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574";Assigned (20160810);"None (candidate not yet proposed)";"" 5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BID:93612 | URL:http://www.securityfocus.com/bid/93612 | BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/539695/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574";Assigned (20160810);"None (candidate not yet proposed)";"" 5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BID:93612 | URL:http://www.securityfocus.com/bid/93612 | BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/539695/100/0/threaded | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574";Assigned (20160810);"None (candidate not yet proposed)";"" 5.6.25;5;6;25;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"BID:93005 | URL:http://www.securityfocus.com/bid/93005 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | CONFIRM:https://www.tenable.com/security/tns-2016-19 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | REDHAT:RHSA-2018:1296 | URL:https://access.redhat.com/errata/RHSA-2018:1296 | SECTRACK:1036836 | URL:http://www.securitytracker.com/id/1036836";Assigned (20160909);"None (candidate not yet proposed)";"" 7.0.10;7;0;10;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"BID:93005 | URL:http://www.securityfocus.com/bid/93005 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | CONFIRM:https://www.tenable.com/security/tns-2016-19 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | REDHAT:RHSA-2018:1296 | URL:https://access.redhat.com/errata/RHSA-2018:1296 | SECTRACK:1036836 | URL:http://www.securitytracker.com/id/1036836";Assigned (20160909);"None (candidate not yet proposed)";"" 5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"BID:93737 | URL:http://www.securityfocus.com/bid/93737 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)";"" 5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"BID:93737 | URL:http://www.securityfocus.com/bid/93737 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)";"" 5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"BID:93737 | URL:http://www.securityfocus.com/bid/93737 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)";"" 5.6.31;5;6;31;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"BID:93755 | URL:http://www.securityfocus.com/bid/93755 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)";"" 5.7.13;5;7;13;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"BID:93755 | URL:http://www.securityfocus.com/bid/93755 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)";"" 5.7.14;5;7;14;CVE-2016-8286;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.";"BID:93745 | URL:http://www.securityfocus.com/bid/93745 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)";"" 5.7.13;5;7;13;CVE-2016-8287;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"BID:93727 | URL:http://www.securityfocus.com/bid/93727 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)";"" 5.6.30;5;6;30;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"BID:93740 | URL:http://www.securityfocus.com/bid/93740 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)";"" 5.7.12;5;7;12;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"BID:93740 | URL:http://www.securityfocus.com/bid/93740 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)";"" 5.7.13;5;7;13;CVE-2016-8289;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.";"BID:93720 | URL:http://www.securityfocus.com/bid/93720 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)";"" 5.7.13;5;7;13;CVE-2016-8290;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-5633.";"BID:93733 | URL:http://www.securityfocus.com/bid/93733 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)";"" 5.6.34;5;6;34;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"BID:95580 | URL:http://www.securityfocus.com/bid/95580 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20160926);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"BID:95580 | URL:http://www.securityfocus.com/bid/95580 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20160926);"None (candidate not yet proposed)";"" 5.6.34;5;6;34;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"BID:95557 | URL:http://www.securityfocus.com/bid/95557 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20160926);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"BID:95557 | URL:http://www.securityfocus.com/bid/95557 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20160926);"None (candidate not yet proposed)";"" 5.6.37;5;6;37;CVE-2017-10155;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"BID:101402 | URL:http://www.securityfocus.com/bid/101402 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2017-10155;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"BID:101402 | URL:http://www.securityfocus.com/bid/101402 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2017-10165;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:101424 | URL:http://www.securityfocus.com/bid/101424 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2017-10167;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:101433 | URL:http://www.securityfocus.com/bid/101433 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.6.37;5;6;37;CVE-2017-10227;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:101337 | URL:http://www.securityfocus.com/bid/101337 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2017-10227;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:101337 | URL:http://www.securityfocus.com/bid/101337 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.5.57;5;5;57;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"BID:101390 | URL:http://www.securityfocus.com/bid/101390 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.6.37;5;6;37;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"BID:101390 | URL:http://www.securityfocus.com/bid/101390 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"BID:101390 | URL:http://www.securityfocus.com/bid/101390 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.6.37;5;6;37;CVE-2017-10276;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:101441 | URL:http://www.securityfocus.com/bid/101441 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2017-10276;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:101441 | URL:http://www.securityfocus.com/bid/101441 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.6.36;5;6;36;CVE-2017-10279;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:101316 | URL:http://www.securityfocus.com/bid/101316 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-10279;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:101316 | URL:http://www.securityfocus.com/bid/101316 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.6.37;5;6;37;CVE-2017-10283;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:101420 | URL:http://www.securityfocus.com/bid/101420 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2017-10283;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:101420 | URL:http://www.securityfocus.com/bid/101420 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-10284;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Stored Procedure). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:101385 | URL:http://www.securityfocus.com/bid/101385 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.6.37;5;6;37;CVE-2017-10286;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:101397 | URL:http://www.securityfocus.com/bid/101397 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2017-10286;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:101397 | URL:http://www.securityfocus.com/bid/101397 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.6.37;5;6;37;CVE-2017-10294;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:101444 | URL:http://www.securityfocus.com/bid/101444 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2017-10294;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:101444 | URL:http://www.securityfocus.com/bid/101444 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-10296;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:101373 | URL:http://www.securityfocus.com/bid/101373 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2017-10311;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:101446 | URL:http://www.securityfocus.com/bid/101446 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2017-10313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:101448 | URL:http://www.securityfocus.com/bid/101448 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.6.37;5;6;37;CVE-2017-10314;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:101314 | URL:http://www.securityfocus.com/bid/101314 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2017-10314;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:101314 | URL:http://www.securityfocus.com/bid/101314 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2017-10320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:101410 | URL:http://www.securityfocus.com/bid/101410 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-10365;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).";"BID:101429 | URL:http://www.securityfocus.com/bid/101429 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.5.57;5;5;57;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:101375 | URL:http://www.securityfocus.com/bid/101375 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.6.37;5;6;37;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:101375 | URL:http://www.securityfocus.com/bid/101375 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.11;5;7;11;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:101375 | URL:http://www.securityfocus.com/bid/101375 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.5.57;5;5;57;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"BID:101415 | URL:http://www.securityfocus.com/bid/101415 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.6.37;5;6;37;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"BID:101415 | URL:http://www.securityfocus.com/bid/101415 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"BID:101415 | URL:http://www.securityfocus.com/bid/101415 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.5.57;5;5;57;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:101406 | URL:http://www.securityfocus.com/bid/101406 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.6.37;5;6;37;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:101406 | URL:http://www.securityfocus.com/bid/101406 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:101406 | URL:http://www.securityfocus.com/bid/101406 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)";"" 10.1.29;10;1;29;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/ | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258";Assigned (20171015);"None (candidate not yet proposed)";"" 10.2.9;10;2;9;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/ | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258";Assigned (20171015);"None (candidate not yet proposed)";"" 5.6.36;5;6;36;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/ | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258";Assigned (20171015);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/ | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258";Assigned (20171015);"None (candidate not yet proposed)";"" 5.0.-1;5;0;-1;CVE-2017-16540;Candidate;"OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.";"BID:101983 | URL:http://www.securityfocus.com/bid/101983 | MISC:http://www.open-emr.org/wiki/index.php/OpenEMR_Patches | MISC:https://isears.github.io/jekyll/update/2017/10/28/openemr-database-disclosure.html";Assigned (20171104);"None (candidate not yet proposed)";"" 67.9999.102;67;9999;102;CVE-2017-18410;Candidate;"In cPanel before 67.9999.103; a user account's backup archive could contain all MySQL databases on the server (SEC-284).";"CONFIRM:https://documentation.cpanel.net/display/CL/68+Change+Log";Assigned (20190731);"None (candidate not yet proposed)";"" 5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"BID:95571 | URL:http://www.securityfocus.com/bid/95571 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"BID:95571 | URL:http://www.securityfocus.com/bid/95571 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"BID:95571 | URL:http://www.securityfocus.com/bid/95571 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"BID:95538 | URL:http://www.securityfocus.com/bid/95538 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"BID:95565 | URL:http://www.securityfocus.com/bid/95565 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"BID:95565 | URL:http://www.securityfocus.com/bid/95565 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"BID:95565 | URL:http://www.securityfocus.com/bid/95565 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2017-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).";"BID:95482 | URL:http://www.securityfocus.com/bid/95482 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2017-3256;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"BID:95486 | URL:http://www.securityfocus.com/bid/95486 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"BID:95589 | URL:http://www.securityfocus.com/bid/95589 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"BID:95589 | URL:http://www.securityfocus.com/bid/95589 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"BID:95560 | URL:http://www.securityfocus.com/bid/95560 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"BID:95560 | URL:http://www.securityfocus.com/bid/95560 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"BID:95560 | URL:http://www.securityfocus.com/bid/95560 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"BID:95520 | URL:http://www.securityfocus.com/bid/95520 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"BID:95520 | URL:http://www.securityfocus.com/bid/95520 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"BID:95520 | URL:http://www.securityfocus.com/bid/95520 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.34;5;6;34;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"BID:95583 | URL:http://www.securityfocus.com/bid/95583 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"BID:95583 | URL:http://www.securityfocus.com/bid/95583 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"BID:95501 | URL:http://www.securityfocus.com/bid/95501 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"BID:95501 | URL:http://www.securityfocus.com/bid/95501 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"BID:95501 | URL:http://www.securityfocus.com/bid/95501 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.55;5;5;55;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"BID:97023 | URL:http://www.securityfocus.com/bid/97023 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | MISC:http://riddle.link/ | MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"BID:97023 | URL:http://www.securityfocus.com/bid/97023 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | MISC:http://riddle.link/ | MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 3.1.6;3;1;6;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"BID:97724 | URL:http://www.securityfocus.com/bid/97724 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 3.2.1182;3;2;1182;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"BID:97724 | URL:http://www.securityfocus.com/bid/97724 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 3.3.2;3;3;2;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"BID:97724 | URL:http://www.securityfocus.com/bid/97724 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 3.1.6;3;1;6;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"BID:97844 | URL:http://www.securityfocus.com/bid/97844 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 3.2.1182;3;2;1182;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"BID:97844 | URL:http://www.securityfocus.com/bid/97844 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 3.3.2;3;3;2;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"BID:97844 | URL:http://www.securityfocus.com/bid/97844 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.54;5;5;54;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"BID:97725 | URL:http://www.securityfocus.com/bid/97725 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.35;5;6;35;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"BID:97725 | URL:http://www.securityfocus.com/bid/97725 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"BID:97725 | URL:http://www.securityfocus.com/bid/97725 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.54;5;5;54;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"BID:97742 | URL:http://www.securityfocus.com/bid/97742 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.35;5;6;35;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"BID:97742 | URL:http://www.securityfocus.com/bid/97742 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"BID:97742 | URL:http://www.securityfocus.com/bid/97742 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"BID:95491 | URL:http://www.securityfocus.com/bid/95491 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"BID:95491 | URL:http://www.securityfocus.com/bid/95491 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"BID:95491 | URL:http://www.securityfocus.com/bid/95491 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"BID:95527 | URL:http://www.securityfocus.com/bid/95527 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"BID:95527 | URL:http://www.securityfocus.com/bid/95527 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"BID:95527 | URL:http://www.securityfocus.com/bid/95527 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"BID:95585 | URL:http://www.securityfocus.com/bid/95585 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"BID:95585 | URL:http://www.securityfocus.com/bid/95585 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"BID:95585 | URL:http://www.securityfocus.com/bid/95585 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"BID:95588 | URL:http://www.securityfocus.com/bid/95588 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"BID:95588 | URL:http://www.securityfocus.com/bid/95588 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"BID:95588 | URL:http://www.securityfocus.com/bid/95588 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"BID:95479 | URL:http://www.securityfocus.com/bid/95479 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"BID:95470 | URL:http://www.securityfocus.com/bid/95470 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.54;5;5;54;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"BID:97763 | URL:http://www.securityfocus.com/bid/97763 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.35;5;6;35;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"BID:97763 | URL:http://www.securityfocus.com/bid/97763 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"BID:97763 | URL:http://www.securityfocus.com/bid/97763 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.11;5;7;11;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:97772 | URL:http://www.securityfocus.com/bid/97772 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:97772 | URL:http://www.securityfocus.com/bid/97772 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.35;5;6;35;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"BID:97747 | URL:http://www.securityfocus.com/bid/97747 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"BID:97747 | URL:http://www.securityfocus.com/bid/97747 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.35;5;6;35;CVE-2017-3452;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:97779 | URL:http://www.securityfocus.com/bid/97779 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.54;5;5;54;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:97776 | URL:http://www.securityfocus.com/bid/97776 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.35;5;6;35;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:97776 | URL:http://www.securityfocus.com/bid/97776 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:97776 | URL:http://www.securityfocus.com/bid/97776 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3454;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:97791 | URL:http://www.securityfocus.com/bid/97791 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3455;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).";"BID:97820 | URL:http://www.securityfocus.com/bid/97820 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.54;5;5;54;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:97831 | URL:http://www.securityfocus.com/bid/97831 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.35;5;6;35;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:97831 | URL:http://www.securityfocus.com/bid/97831 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:97831 | URL:http://www.securityfocus.com/bid/97831 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3457;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:97845 | URL:http://www.securityfocus.com/bid/97845 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3458;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:97837 | URL:http://www.securityfocus.com/bid/97837 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3459;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:97847 | URL:http://www.securityfocus.com/bid/97847 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3460;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:97826 | URL:http://www.securityfocus.com/bid/97826 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.54;5;5;54;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:97812 | URL:http://www.securityfocus.com/bid/97812 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.35;5;6;35;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:97812 | URL:http://www.securityfocus.com/bid/97812 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:97812 | URL:http://www.securityfocus.com/bid/97812 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.54;5;5;54;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:97851 | URL:http://www.securityfocus.com/bid/97851 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.35;5;6;35;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:97851 | URL:http://www.securityfocus.com/bid/97851 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:97851 | URL:http://www.securityfocus.com/bid/97851 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.54;5;5;54;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:97849 | URL:http://www.securityfocus.com/bid/97849 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.35;5;6;35;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:97849 | URL:http://www.securityfocus.com/bid/97849 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:97849 | URL:http://www.securityfocus.com/bid/97849 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.54;5;5;54;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"BID:97818 | URL:http://www.securityfocus.com/bid/97818 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.35;5;6;35;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"BID:97818 | URL:http://www.securityfocus.com/bid/97818 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"BID:97818 | URL:http://www.securityfocus.com/bid/97818 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3465;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"BID:97822 | URL:http://www.securityfocus.com/bid/97822 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3467;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"BID:97825 | URL:http://www.securityfocus.com/bid/97825 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3468;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"BID:97848 | URL:http://www.securityfocus.com/bid/97848 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3529;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: UDF). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:99746 | URL:http://www.securityfocus.com/bid/99746 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.35;5;6;35;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"BID:97754 | URL:http://www.securityfocus.com/bid/97754 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | EXPLOIT-DB:41954 | URL:https://www.exploit-db.com/exploits/41954/ | MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"BID:97754 | URL:http://www.securityfocus.com/bid/97754 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | EXPLOIT-DB:41954 | URL:https://www.exploit-db.com/exploits/41954/ | MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.54;5;5;54;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"BID:97765 | URL:http://www.securityfocus.com/bid/97765 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.35;5;6;35;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"BID:97765 | URL:http://www.securityfocus.com/bid/97765 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.17;5;7;17;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"BID:97765 | URL:http://www.securityfocus.com/bid/97765 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.36;5;6;36;CVE-2017-3633;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).";"BID:99722 | URL:http://www.securityfocus.com/bid/99722 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3633;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).";"BID:99722 | URL:http://www.securityfocus.com/bid/99722 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.36;5;6;36;CVE-2017-3634;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:99729 | URL:http://www.securityfocus.com/bid/99729 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3634;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:99729 | URL:http://www.securityfocus.com/bid/99729 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.56;5;5;56;CVE-2017-3636;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).";"BID:99736 | URL:http://www.securityfocus.com/bid/99736 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.36;5;6;36;CVE-2017-3636;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).";"BID:99736 | URL:http://www.securityfocus.com/bid/99736 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3637;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:99748 | URL:http://www.securityfocus.com/bid/99748 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3638;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99778 | URL:http://www.securityfocus.com/bid/99778 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3639;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99753 | URL:http://www.securityfocus.com/bid/99753 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99765 | URL:http://www.securityfocus.com/bid/99765 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.56;5;5;56;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99767 | URL:http://www.securityfocus.com/bid/99767 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.36;5;6;36;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99767 | URL:http://www.securityfocus.com/bid/99767 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99767 | URL:http://www.securityfocus.com/bid/99767 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3642;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99779 | URL:http://www.securityfocus.com/bid/99779 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3643;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99772 | URL:http://www.securityfocus.com/bid/99772 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3644;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99775 | URL:http://www.securityfocus.com/bid/99775 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3645;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99783 | URL:http://www.securityfocus.com/bid/99783 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.16;5;7;16;CVE-2017-3646;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99786 | URL:http://www.securityfocus.com/bid/99786 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.36;5;6;36;CVE-2017-3647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99796 | URL:http://www.securityfocus.com/bid/99796 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99796 | URL:http://www.securityfocus.com/bid/99796 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.56;5;5;56;CVE-2017-3648;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99789 | URL:http://www.securityfocus.com/bid/99789 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.36;5;6;36;CVE-2017-3648;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99789 | URL:http://www.securityfocus.com/bid/99789 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3648;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99789 | URL:http://www.securityfocus.com/bid/99789 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.36;5;6;36;CVE-2017-3649;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99799 | URL:http://www.securityfocus.com/bid/99799 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3649;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:99799 | URL:http://www.securityfocus.com/bid/99799 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3650;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"BID:99808 | URL:http://www.securityfocus.com/bid/99808 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.56;5;5;56;CVE-2017-3651;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"BID:99802 | URL:http://www.securityfocus.com/bid/99802 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.36;5;6;36;CVE-2017-3651;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"BID:99802 | URL:http://www.securityfocus.com/bid/99802 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3651;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"BID:99802 | URL:http://www.securityfocus.com/bid/99802 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.56;5;5;56;CVE-2017-3652;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).";"BID:99805 | URL:http://www.securityfocus.com/bid/99805 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.36;5;6;36;CVE-2017-3652;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).";"BID:99805 | URL:http://www.securityfocus.com/bid/99805 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3652;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).";"BID:99805 | URL:http://www.securityfocus.com/bid/99805 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.5.56;5;5;56;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"BID:99810 | URL:http://www.securityfocus.com/bid/99810 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.6.36;5;6;36;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"BID:99810 | URL:http://www.securityfocus.com/bid/99810 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"BID:99810 | URL:http://www.securityfocus.com/bid/99810 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)";"" 1.1.54389;1;1;54389;CVE-2018-14669;Candidate;"ClickHouse MySQL client before versions 1.1.54390 had ""LOAD DATA LOCAL INFILE"" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.";"MISC:https://clickhouse.yandex/docs/en/security_changelog/";Assigned (20180727);"None (candidate not yet proposed)";"" 5.5.58;5;5;58;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"BID:102713 | URL:http://www.securityfocus.com/bid/102713 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.38;5;6;38;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"BID:102713 | URL:http://www.securityfocus.com/bid/102713 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"BID:102713 | URL:http://www.securityfocus.com/bid/102713 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2565;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:102712 | URL:http://www.securityfocus.com/bid/102712 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.38;5;6;38;CVE-2018-2573;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:102710 | URL:http://www.securityfocus.com/bid/102710 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2573;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:102710 | URL:http://www.securityfocus.com/bid/102710 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2576;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:102695 | URL:http://www.securityfocus.com/bid/102695 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.38;5;6;38;CVE-2018-2583;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).";"BID:102708 | URL:http://www.securityfocus.com/bid/102708 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2583;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).";"BID:102708 | URL:http://www.securityfocus.com/bid/102708 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2586;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:102700 | URL:http://www.securityfocus.com/bid/102700 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.38;5;6;38;CVE-2018-2590;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:102697 | URL:http://www.securityfocus.com/bid/102697 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2590;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:102697 | URL:http://www.securityfocus.com/bid/102697 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.38;5;6;38;CVE-2018-2591;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:102714 | URL:http://www.securityfocus.com/bid/102714 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.19;5;7;19;CVE-2018-2591;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:102714 | URL:http://www.securityfocus.com/bid/102714 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:102696 | URL:http://www.securityfocus.com/bid/102696 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.38;5;6;38;CVE-2018-2612;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"BID:102709 | URL:http://www.securityfocus.com/bid/102709 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2612;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"BID:102709 | URL:http://www.securityfocus.com/bid/102709 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.58;5;5;58;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:102706 | URL:http://www.securityfocus.com/bid/102706 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.38;5;6;38;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:102706 | URL:http://www.securityfocus.com/bid/102706 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:102706 | URL:http://www.securityfocus.com/bid/102706 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.58;5;5;58;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:102678 | URL:http://www.securityfocus.com/bid/102678 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.38;5;6;38;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:102678 | URL:http://www.securityfocus.com/bid/102678 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:102678 | URL:http://www.securityfocus.com/bid/102678 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.38;5;6;38;CVE-2018-2645;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"BID:102698 | URL:http://www.securityfocus.com/bid/102698 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2645;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"BID:102698 | URL:http://www.securityfocus.com/bid/102698 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2646;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:102703 | URL:http://www.securityfocus.com/bid/102703 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.38;5;6;38;CVE-2018-2647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:102711 | URL:http://www.securityfocus.com/bid/102711 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:102711 | URL:http://www.securityfocus.com/bid/102711 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.58;5;5;58;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:102681 | URL:http://www.securityfocus.com/bid/102681 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.38;5;6;38;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:102681 | URL:http://www.securityfocus.com/bid/102681 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:102681 | URL:http://www.securityfocus.com/bid/102681 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2667;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:102685 | URL:http://www.securityfocus.com/bid/102685 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.58;5;5;58;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:102682 | URL:http://www.securityfocus.com/bid/102682 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.38;5;6;38;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:102682 | URL:http://www.securityfocus.com/bid/102682 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:102682 | URL:http://www.securityfocus.com/bid/102682 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.38;5;6;38;CVE-2018-2696;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"BID:102701 | URL:http://www.securityfocus.com/bid/102701 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2696;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"BID:102701 | URL:http://www.securityfocus.com/bid/102701 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.38;5;6;38;CVE-2018-2703;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:102704 | URL:http://www.securityfocus.com/bid/102704 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.20;5;7;20;CVE-2018-2703;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:102704 | URL:http://www.securityfocus.com/bid/102704 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.59;5;5;59;CVE-2018-2755;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).";"BID:103807 | URL:http://www.securityfocus.com/bid/103807 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.39;5;6;39;CVE-2018-2755;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).";"BID:103807 | URL:http://www.securityfocus.com/bid/103807 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2755;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).";"BID:103807 | URL:http://www.securityfocus.com/bid/103807 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.39;5;6;39;CVE-2018-2758;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:103802 | URL:http://www.securityfocus.com/bid/103802 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2758;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:103802 | URL:http://www.securityfocus.com/bid/103802 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2759;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103780 | URL:http://www.securityfocus.com/bid/103780 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.59;5;5;59;CVE-2018-2761;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"BID:103820 | URL:http://www.securityfocus.com/bid/103820 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.39;5;6;39;CVE-2018-2761;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"BID:103820 | URL:http://www.securityfocus.com/bid/103820 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2761;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"BID:103820 | URL:http://www.securityfocus.com/bid/103820 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2762;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103794 | URL:http://www.securityfocus.com/bid/103794 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.39;5;6;39;CVE-2018-2766;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103805 | URL:http://www.securityfocus.com/bid/103805 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2766;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103805 | URL:http://www.securityfocus.com/bid/103805 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.60;5;5;60;CVE-2018-2767;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).";"BID:103954 | URL:http://www.securityfocus.com/bid/103954 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.40;5;6;40;CVE-2018-2767;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).";"BID:103954 | URL:http://www.securityfocus.com/bid/103954 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.22;5;7;22;CVE-2018-2767;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).";"BID:103954 | URL:http://www.securityfocus.com/bid/103954 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2769;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103876 | URL:http://www.securityfocus.com/bid/103876 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.59;5;5;59;CVE-2018-2771;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103828 | URL:http://www.securityfocus.com/bid/103828 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.39;5;6;39;CVE-2018-2771;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103828 | URL:http://www.securityfocus.com/bid/103828 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2771;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103828 | URL:http://www.securityfocus.com/bid/103828 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.59;5;5;59;CVE-2018-2773;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103811 | URL:http://www.securityfocus.com/bid/103811 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.39;5;6;39;CVE-2018-2773;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103811 | URL:http://www.securityfocus.com/bid/103811 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2773;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103811 | URL:http://www.securityfocus.com/bid/103811 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2775;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:103777 | URL:http://www.securityfocus.com/bid/103777 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2776;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via XCom to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103791 | URL:http://www.securityfocus.com/bid/103791 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2777;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103781 | URL:http://www.securityfocus.com/bid/103781 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2778;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103785 | URL:http://www.securityfocus.com/bid/103785 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2779;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103787 | URL:http://www.securityfocus.com/bid/103787 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2780;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:103778 | URL:http://www.securityfocus.com/bid/103778 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.59;5;5;59;CVE-2018-2781;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103825 | URL:http://www.securityfocus.com/bid/103825 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.39;5;6;39;CVE-2018-2781;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103825 | URL:http://www.securityfocus.com/bid/103825 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2781;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103825 | URL:http://www.securityfocus.com/bid/103825 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.39;5;6;39;CVE-2018-2782;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:103799 | URL:http://www.securityfocus.com/bid/103799 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2782;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:103799 | URL:http://www.securityfocus.com/bid/103799 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.39;5;6;39;CVE-2018-2784;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:103801 | URL:http://www.securityfocus.com/bid/103801 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2784;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:103801 | URL:http://www.securityfocus.com/bid/103801 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2786;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:103779 | URL:http://www.securityfocus.com/bid/103779 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.39;5;6;39;CVE-2018-2787;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:103804 | URL:http://www.securityfocus.com/bid/103804 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2787;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:103804 | URL:http://www.securityfocus.com/bid/103804 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.39;5;6;39;CVE-2018-2805;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension). Supported versions that are affected are 5.6.39 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:103831 | URL:http://www.securityfocus.com/bid/103831 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2810;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103783 | URL:http://www.securityfocus.com/bid/103783 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2812;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:103836 | URL:http://www.securityfocus.com/bid/103836 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.59;5;5;59;CVE-2018-2813;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"BID:103830 | URL:http://www.securityfocus.com/bid/103830 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.39;5;6;39;CVE-2018-2813;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"BID:103830 | URL:http://www.securityfocus.com/bid/103830 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2813;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"BID:103830 | URL:http://www.securityfocus.com/bid/103830 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2816;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103789 | URL:http://www.securityfocus.com/bid/103789 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.59;5;5;59;CVE-2018-2817;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:103818 | URL:http://www.securityfocus.com/bid/103818 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.39;5;6;39;CVE-2018-2817;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:103818 | URL:http://www.securityfocus.com/bid/103818 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2817;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:103818 | URL:http://www.securityfocus.com/bid/103818 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.59;5;5;59;CVE-2018-2818;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103824 | URL:http://www.securityfocus.com/bid/103824 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.39;5;6;39;CVE-2018-2818;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103824 | URL:http://www.securityfocus.com/bid/103824 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2818;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103824 | URL:http://www.securityfocus.com/bid/103824 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.59;5;5;59;CVE-2018-2819;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:103814 | URL:http://www.securityfocus.com/bid/103814 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.39;5;6;39;CVE-2018-2819;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:103814 | URL:http://www.securityfocus.com/bid/103814 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2819;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:103814 | URL:http://www.securityfocus.com/bid/103814 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2839;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103845 | URL:http://www.securityfocus.com/bid/103845 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.21;5;7;21;CVE-2018-2846;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:103790 | URL:http://www.securityfocus.com/bid/103790 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.22;5;7;22;CVE-2018-3054;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:104769 | URL:http://www.securityfocus.com/bid/104769 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.11;8;0;11;CVE-2018-3054;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:104769 | URL:http://www.securityfocus.com/bid/104769 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.22;5;7;22;CVE-2018-3056;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"BID:104769 | URL:http://www.securityfocus.com/bid/104769 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.11;8;0;11;CVE-2018-3056;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"BID:104769 | URL:http://www.securityfocus.com/bid/104769 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.60;5;5;60;CVE-2018-3058;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"BID:104766 | URL:http://www.securityfocus.com/bid/104766 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.40;5;6;40;CVE-2018-3058;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"BID:104766 | URL:http://www.securityfocus.com/bid/104766 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.22;5;7;22;CVE-2018-3058;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"BID:104766 | URL:http://www.securityfocus.com/bid/104766 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.22;5;7;22;CVE-2018-3060;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"BID:104769 | URL:http://www.securityfocus.com/bid/104769 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.11;8;0;11;CVE-2018-3060;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"BID:104769 | URL:http://www.securityfocus.com/bid/104769 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.22;5;7;22;CVE-2018-3061;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:104785 | URL:http://www.securityfocus.com/bid/104785 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.40;5;6;40;CVE-2018-3062;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:104776 | URL:http://www.securityfocus.com/bid/104776 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.22;5;7;22;CVE-2018-3062;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:104776 | URL:http://www.securityfocus.com/bid/104776 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.11;8;0;11;CVE-2018-3062;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:104776 | URL:http://www.securityfocus.com/bid/104776 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.60;5;5;60;CVE-2018-3063;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:104786 | URL:http://www.securityfocus.com/bid/104786 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.40;5;6;40;CVE-2018-3064;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"BID:104776 | URL:http://www.securityfocus.com/bid/104776 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.22;5;7;22;CVE-2018-3064;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"BID:104776 | URL:http://www.securityfocus.com/bid/104776 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.11;8;0;11;CVE-2018-3064;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"BID:104776 | URL:http://www.securityfocus.com/bid/104776 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.22;5;7;22;CVE-2018-3065;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:104769 | URL:http://www.securityfocus.com/bid/104769 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.11;8;0;11;CVE-2018-3065;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:104769 | URL:http://www.securityfocus.com/bid/104769 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.60;5;5;60;CVE-2018-3066;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).";"BID:104766 | URL:http://www.securityfocus.com/bid/104766 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.40;5;6;40;CVE-2018-3066;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).";"BID:104766 | URL:http://www.securityfocus.com/bid/104766 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.22;5;7;22;CVE-2018-3066;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).";"BID:104766 | URL:http://www.securityfocus.com/bid/104766 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.11;8;0;11;CVE-2018-3067;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:104772 | URL:http://www.securityfocus.com/bid/104772 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.60;5;5;60;CVE-2018-3070;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:104766 | URL:http://www.securityfocus.com/bid/104766 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.40;5;6;40;CVE-2018-3070;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:104766 | URL:http://www.securityfocus.com/bid/104766 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.22;5;7;22;CVE-2018-3070;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:104766 | URL:http://www.securityfocus.com/bid/104766 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.22;5;7;22;CVE-2018-3071;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:104784 | URL:http://www.securityfocus.com/bid/104784 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.11;8;0;11;CVE-2018-3073;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:104772 | URL:http://www.securityfocus.com/bid/104772 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.11;8;0;11;CVE-2018-3074;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:104772 | URL:http://www.securityfocus.com/bid/104772 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.11;8;0;11;CVE-2018-3075;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:104772 | URL:http://www.securityfocus.com/bid/104772 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.22;5;7;22;CVE-2018-3077;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:104769 | URL:http://www.securityfocus.com/bid/104769 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.11;8;0;11;CVE-2018-3077;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:104769 | URL:http://www.securityfocus.com/bid/104769 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.11;8;0;11;CVE-2018-3078;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:104772 | URL:http://www.securityfocus.com/bid/104772 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.11;8;0;11;CVE-2018-3079;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:104772 | URL:http://www.securityfocus.com/bid/104772 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.11;8;0;11;CVE-2018-3080;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:104772 | URL:http://www.securityfocus.com/bid/104772 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.11;8;0;11;CVE-2018-3082;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"BID:104772 | URL:http://www.securityfocus.com/bid/104772 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.11;8;0;11;CVE-2018-3084;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).";"BID:104788 | URL:http://www.securityfocus.com/bid/104788 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.42;5;6;42;CVE-2018-3123;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: libmysqld). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://support.f5.com/csp/article/K58502649 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.24;5;7;24;CVE-2018-3123;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: libmysqld). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://support.f5.com/csp/article/K58502649 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2018-3123;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: libmysqld). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://support.f5.com/csp/article/K58502649 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.61;5;5;61;CVE-2018-3133;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior; 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105610 | URL:http://www.securityfocus.com/bid/105610 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/ | UBUNTU:USN-3799-2 | URL:https://usn.ubuntu.com/3799-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.41;5;6;41;CVE-2018-3133;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior; 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105610 | URL:http://www.securityfocus.com/bid/105610 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/ | UBUNTU:USN-3799-2 | URL:https://usn.ubuntu.com/3799-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3133;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior; 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105610 | URL:http://www.securityfocus.com/bid/105610 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/ | UBUNTU:USN-3799-2 | URL:https://usn.ubuntu.com/3799-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3133;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior; 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105610 | URL:http://www.securityfocus.com/bid/105610 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/ | UBUNTU:USN-3799-2 | URL:https://usn.ubuntu.com/3799-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3137;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105607 | URL:http://www.securityfocus.com/bid/105607 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.41;5;6;41;CVE-2018-3143;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3143;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3143;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3144;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3144;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3145;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105607 | URL:http://www.securityfocus.com/bid/105607 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3155;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3155;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.41;5;6;41;CVE-2018-3156;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3156;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3156;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3161;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3161;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3162;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3162;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3170;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105607 | URL:http://www.securityfocus.com/bid/105607 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3171;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3171;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3173;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3173;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.61;5;5;61;CVE-2018-3174;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior; 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).";"BID:105612 | URL:http://www.securityfocus.com/bid/105612 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/ | UBUNTU:USN-3799-2 | URL:https://usn.ubuntu.com/3799-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.41;5;6;41;CVE-2018-3174;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior; 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).";"BID:105612 | URL:http://www.securityfocus.com/bid/105612 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/ | UBUNTU:USN-3799-2 | URL:https://usn.ubuntu.com/3799-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3174;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior; 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).";"BID:105612 | URL:http://www.securityfocus.com/bid/105612 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/ | UBUNTU:USN-3799-2 | URL:https://usn.ubuntu.com/3799-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3174;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior; 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).";"BID:105612 | URL:http://www.securityfocus.com/bid/105612 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/ | UBUNTU:USN-3799-2 | URL:https://usn.ubuntu.com/3799-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3182;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105607 | URL:http://www.securityfocus.com/bid/105607 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3185;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3185;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3186;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105607 | URL:http://www.securityfocus.com/bid/105607 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3187;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3187;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3195;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:105607 | URL:http://www.securityfocus.com/bid/105607 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3200;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3200;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3203;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105607 | URL:http://www.securityfocus.com/bid/105607 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3212;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105607 | URL:http://www.securityfocus.com/bid/105607 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.41;5;6;41;CVE-2018-3247;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3247;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3247;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.41;5;6;41;CVE-2018-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.41;5;6;41;CVE-2018-3276;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3276;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3276;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3277;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3277;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.41;5;6;41;CVE-2018-3278;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3278;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3278;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105600 | URL:http://www.securityfocus.com/bid/105600 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3279;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105607 | URL:http://www.securityfocus.com/bid/105607 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3280;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: JSON). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105607 | URL:http://www.securityfocus.com/bid/105607 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888";Assigned (20171215);"None (candidate not yet proposed)";"" 5.5.61;5;5;61;CVE-2018-3282;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior; 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105610 | URL:http://www.securityfocus.com/bid/105610 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/ | UBUNTU:USN-3799-2 | URL:https://usn.ubuntu.com/3799-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.6.41;5;6;41;CVE-2018-3282;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior; 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105610 | URL:http://www.securityfocus.com/bid/105610 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/ | UBUNTU:USN-3799-2 | URL:https://usn.ubuntu.com/3799-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3282;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior; 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105610 | URL:http://www.securityfocus.com/bid/105610 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/ | UBUNTU:USN-3799-2 | URL:https://usn.ubuntu.com/3799-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3282;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior; 5.6.41 and prior; 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105610 | URL:http://www.securityfocus.com/bid/105610 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | DEBIAN:DSA-4341 | URL:https://www.debian.org/security/2018/dsa-4341 | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html | MLIST:[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/ | UBUNTU:USN-3799-2 | URL:https://usn.ubuntu.com/3799-2/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3283;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3283;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2018-3284;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3284;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105594 | URL:http://www.securityfocus.com/bid/105594 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2018:3655 | URL:https://access.redhat.com/errata/RHSA-2018:3655 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888 | UBUNTU:USN-3799-1 | URL:https://usn.ubuntu.com/3799-1/";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3285;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Windows). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:105607 | URL:http://www.securityfocus.com/bid/105607 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888";Assigned (20171215);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2018-3286;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"BID:105607 | URL:http://www.securityfocus.com/bid/105607 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | CONFIRM:https://security.netapp.com/advisory/ntap-20181018-0002/ | SECTRACK:1041888 | URL:http://www.securitytracker.com/id/1041888";Assigned (20171215);"None (candidate not yet proposed)";"" 0.37.12;0;37;12;CVE-2018-6617;Candidate;"Easy Hosting Control Panel (EHCP) v0.37.12.b; when using a local MySQL server; allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.";"MISC:http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-UNVERIFIED-PASSWORD-CHANGE.txt | MISC:http://packetstormsecurity.com/files/147558/Easy-Hosting-Control-Panel-0.37.12.b-Unverified-Password-Change.html";Assigned (20180204);"None (candidate not yet proposed)";"" 18.3.4;18;3;4;CVE-2019-1010259;Candidate;"SaltStack Salt 2018.3; 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.";"MISC:https://github.com/ShantonRU/salt/commit/a46c86a987c78e74e87969d8d3b27094e6544b7a | MISC:https://github.com/saltstack/salt/blob/f22de0887cd7167887f113bf394244b74fb36b6b/salt/modules/mysql.py#L1534 | MISC:https://github.com/saltstack/salt/pull/51462";Assigned (20190320);"None (candidate not yet proposed)";"" 9.0.1;9;0;1;CVE-2019-11200;Candidate;"Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However; the application performs insufficient checks on the export parameters to mysqldump; which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.)";"MISC:https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities";Assigned (20190411);"None (candidate not yet proposed)";"" 2.9.8;2;9;8;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" 8.4.0;8;4;0;CVE-2019-12086;Candidate;"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint; the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath; and an attacker can host a crafted MySQL server reachable by the victim; an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.";"BID:109227 | URL:http://www.securityfocus.com/bid/109227 | BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update | URL:https://seclists.org/bugtraq/2019/May/68 | CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | URL:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 | CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/ | URL:https://security.netapp.com/advisory/ntap-20190530-0003/ | DEBIAN:DSA-4452 | URL:https://www.debian.org/security/2019/dsa-4452 | FEDORA:FEDORA-2019-99ff6aa32c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | FEDORA:FEDORA-2019-ae6a703b8f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | FEDORA:FEDORA-2019-fb23eccc03 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | MISC:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | URL:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ | MISC:https://github.com/FasterXML/jackson-databind/issues/2326 | URL:https://github.com/FasterXML/jackson-databind/issues/2326 | MISC:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | URL:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | URL:https://www.oracle.com/security-alerts/cpujan2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MLIST:[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities | URL:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20190521 [SECURITY] [DLA 1798-1] jackson-databind security update | URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html | MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E | MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E | MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E | MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 | URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E | MLIST:[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E | MLIST:[nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html | URL:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E | MLIST:[spark-reviews] 20190520 [GitHub] [spark] Fokko opened a new pull request #24646: Spark 27757 | URL:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E | REDHAT:RHSA-2019:2858 | URL:https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT:RHSA-2019:2935 | URL:https://access.redhat.com/errata/RHSA-2019:2935 | REDHAT:RHSA-2019:2936 | URL:https://access.redhat.com/errata/RHSA-2019:2936 | REDHAT:RHSA-2019:2937 | URL:https://access.redhat.com/errata/RHSA-2019:2937 | REDHAT:RHSA-2019:2938 | URL:https://access.redhat.com/errata/RHSA-2019:2938 | REDHAT:RHSA-2019:2998 | URL:https://access.redhat.com/errata/RHSA-2019:2998 | REDHAT:RHSA-2019:3044 | URL:https://access.redhat.com/errata/RHSA-2019:3044 | REDHAT:RHSA-2019:3045 | URL:https://access.redhat.com/errata/RHSA-2019:3045 | REDHAT:RHSA-2019:3046 | URL:https://access.redhat.com/errata/RHSA-2019:3046 | REDHAT:RHSA-2019:3050 | URL:https://access.redhat.com/errata/RHSA-2019:3050 | REDHAT:RHSA-2019:3149 | URL:https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT:RHSA-2019:3200 | URL:https://access.redhat.com/errata/RHSA-2019:3200";Assigned (20190513);"None (candidate not yet proposed)";"" 5.6.44;5;6;44;CVE-2019-12301;Candidate;"The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2.";"MISC:https://jira.percona.com/browse/PS-5640 | MISC:https://www.percona.com/blog/2019/05/17/percona-server-for-mysql-5-6-44-85-0-is-now-available/";Assigned (20190523);"None (candidate not yet proposed)";"" 5.4.0;5;4;0;CVE-2019-15635;Candidate;"An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g.; MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the ""Save and test"" button within a data source's settings menu. When watching the transaction with Burp Proxy; the password for the data source is revealed and sent to the server. From a browser; a prompt to save the credentials is generated; and the password can be revealed by simply checking the ""Show password"" box.";"CONFIRM:https://security.netapp.com/advisory/ntap-20191009-0002/ | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/167244";Assigned (20190826);"None (candidate not yet proposed)";"" 65.0.0;65;0;0;CVE-2019-16065;Candidate;"A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server; expose database tables and values; and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script.";"MISC:https://www.mogozobo.com/?p=3647";Assigned (20190906);"None (candidate not yet proposed)";"" 10.2.3;10;2;3;CVE-2019-16383;Candidate;"MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4; 2019 before 11.0.2; and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or may be able to alter the database via the REST API; aka SQL Injection.";"CONFIRM:https://community.ipswitch.com/s/article/SQL-Injection-Vulnerability | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2018SP2/ReleaseNotes/en/index.htm#46490.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm | MISC:http://packetstormsecurity.com/files/157208/MOVEit-Transfer-11.1.1-SQL-Injection.html";Assigned (20190917);"None (candidate not yet proposed)";"" 11.0.1;11;0;1;CVE-2019-16383;Candidate;"MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4; 2019 before 11.0.2; and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or may be able to alter the database via the REST API; aka SQL Injection.";"CONFIRM:https://community.ipswitch.com/s/article/SQL-Injection-Vulnerability | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2018SP2/ReleaseNotes/en/index.htm#46490.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm | MISC:http://packetstormsecurity.com/files/157208/MOVEit-Transfer-11.1.1-SQL-Injection.html";Assigned (20190917);"None (candidate not yet proposed)";"" 11.1.0;11;1;0;CVE-2019-16383;Candidate;"MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4; 2019 before 11.0.2; and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or may be able to alter the database via the REST API; aka SQL Injection.";"CONFIRM:https://community.ipswitch.com/s/article/SQL-Injection-Vulnerability | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2018SP2/ReleaseNotes/en/index.htm#46490.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm | MISC:http://packetstormsecurity.com/files/157208/MOVEit-Transfer-11.1.1-SQL-Injection.html";Assigned (20190917);"None (candidate not yet proposed)";"" 10.2.5;10;2;5;CVE-2019-18464;Candidate;"In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3); 11.0 before 11.0.4 (2019.0.4); and 11.1 before 11.1.3 (2019.1.3); multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database.";"CONFIRM:https://community.ipswitch.com/s/article/SQL-Injection-Vulnerability-2 | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2018SP2/ReleaseNotes/en/index.htm#46490.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm";Assigned (20191025);"None (candidate not yet proposed)";"" 11.0.3;11;0;3;CVE-2019-18464;Candidate;"In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3); 11.0 before 11.0.4 (2019.0.4); and 11.1 before 11.1.3 (2019.1.3); multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database.";"CONFIRM:https://community.ipswitch.com/s/article/SQL-Injection-Vulnerability-2 | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2018SP2/ReleaseNotes/en/index.htm#46490.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm";Assigned (20191025);"None (candidate not yet proposed)";"" 19.0.3;19;0;3;CVE-2019-18464;Candidate;"In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3); 11.0 before 11.0.4 (2019.0.4); and 11.1 before 11.1.3 (2019.1.3); multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database.";"CONFIRM:https://community.ipswitch.com/s/article/SQL-Injection-Vulnerability-2 | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2018SP2/ReleaseNotes/en/index.htm#46490.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm";Assigned (20191025);"None (candidate not yet proposed)";"" 11.1.2;11;1;2;CVE-2019-18464;Candidate;"In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3); 11.0 before 11.0.4 (2019.0.4); and 11.1 before 11.1.3 (2019.1.3); multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database.";"CONFIRM:https://community.ipswitch.com/s/article/SQL-Injection-Vulnerability-2 | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2018SP2/ReleaseNotes/en/index.htm#46490.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm";Assigned (20191025);"None (candidate not yet proposed)";"" 19.1.2;19;1;2;CVE-2019-18464;Candidate;"In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3); 11.0 before 11.0.4 (2019.0.4); and 11.1 before 11.1.3 (2019.1.3); multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database.";"CONFIRM:https://community.ipswitch.com/s/article/SQL-Injection-Vulnerability-2 | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2018SP2/ReleaseNotes/en/index.htm#46490.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm";Assigned (20191025);"None (candidate not yet proposed)";"" 10.2.31;10;2;31;CVE-2019-18901;Candidate;"A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.";"CONFIRM:https://bugzilla.suse.com/show_bug.cgi?id=1160895 | URL:https://bugzilla.suse.com/show_bug.cgi?id=1160895 | SUSE:openSUSE-SU-2020:0289 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html";Assigned (20191112);"None (candidate not yet proposed)";"" 3.25.1;3;25;1;CVE-2019-18901;Candidate;"A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.";"CONFIRM:https://bugzilla.suse.com/show_bug.cgi?id=1160895 | URL:https://bugzilla.suse.com/show_bug.cgi?id=1160895 | SUSE:openSUSE-SU-2020:0289 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html";Assigned (20191112);"None (candidate not yet proposed)";"" 3.26.1;3;26;1;CVE-2019-18901;Candidate;"A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12; SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.";"CONFIRM:https://bugzilla.suse.com/show_bug.cgi?id=1160895 | URL:https://bugzilla.suse.com/show_bug.cgi?id=1160895 | SUSE:openSUSE-SU-2020:0289 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html";Assigned (20191112);"None (candidate not yet proposed)";"" 2.0.27;2;0;27;CVE-2019-20917;Candidate;"An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules; this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.";"DEBIAN:DSA-4764 | URL:https://www.debian.org/security/2020/dsa-4764 | MISC:https://docs.inspircd.org/security/2019-02/ | MISC:https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162 | MISC:https://github.com/inspircd/inspircd/commit/8745660fcdac7c1b80c94cfc0ff60928cd4dd4b7 | MLIST:[debian-lts-announce] 20200920 [SECURITY] [DLA 2375-1] inspircd security update | URL:https://lists.debian.org/debian-lts-announce/2020/09/msg00015.html";Assigned (20200911);"None (candidate not yet proposed)";"" 3.3.-1;3;3;-1;CVE-2019-20917;Candidate;"An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules; this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.";"DEBIAN:DSA-4764 | URL:https://www.debian.org/security/2020/dsa-4764 | MISC:https://docs.inspircd.org/security/2019-02/ | MISC:https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162 | MISC:https://github.com/inspircd/inspircd/commit/8745660fcdac7c1b80c94cfc0ff60928cd4dd4b7 | MLIST:[debian-lts-announce] 20200920 [SECURITY] [DLA 2375-1] inspircd security update | URL:https://lists.debian.org/debian-lts-announce/2020/09/msg00015.html";Assigned (20200911);"None (candidate not yet proposed)";"" 3.0.4;3;0;4;CVE-2019-20917;Candidate;"An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules; this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.";"DEBIAN:DSA-4764 | URL:https://www.debian.org/security/2020/dsa-4764 | MISC:https://docs.inspircd.org/security/2019-02/ | MISC:https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162 | MISC:https://github.com/inspircd/inspircd/commit/8745660fcdac7c1b80c94cfc0ff60928cd4dd4b7 | MLIST:[debian-lts-announce] 20200920 [SECURITY] [DLA 2375-1] inspircd security update | URL:https://lists.debian.org/debian-lts-announce/2020/09/msg00015.html";Assigned (20200911);"None (candidate not yet proposed)";"" 5.7.24;5;7;24;CVE-2019-2420;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106627 | URL:http://www.securityfocus.com/bid/106627 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2420;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106627 | URL:http://www.securityfocus.com/bid/106627 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.24;5;7;24;CVE-2019-2434;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2434;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2436;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BID:106625 | URL:http://www.securityfocus.com/bid/106625 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.42;5;6;42;CVE-2019-2455;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:106628 | URL:http://www.securityfocus.com/bid/106628 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.24;5;7;24;CVE-2019-2455;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:106628 | URL:http://www.securityfocus.com/bid/106628 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2455;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:106628 | URL:http://www.securityfocus.com/bid/106628 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.42;5;6;42;CVE-2019-2481;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.24;5;7;24;CVE-2019-2481;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2481;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.42;5;6;42;CVE-2019-2482;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.24;5;7;24;CVE-2019-2482;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2482;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.24;5;7;24;CVE-2019-2486;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106627 | URL:http://www.securityfocus.com/bid/106627 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2486;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106627 | URL:http://www.securityfocus.com/bid/106627 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2494;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106625 | URL:http://www.securityfocus.com/bid/106625 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2495;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106625 | URL:http://www.securityfocus.com/bid/106625 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2502;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106625 | URL:http://www.securityfocus.com/bid/106625 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.42;5;6;42;CVE-2019-2503;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).";"BID:106626 | URL:http://www.securityfocus.com/bid/106626 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.24;5;7;24;CVE-2019-2503;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).";"BID:106626 | URL:http://www.securityfocus.com/bid/106626 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2503;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).";"BID:106626 | URL:http://www.securityfocus.com/bid/106626 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.42;5;6;42;CVE-2019-2507;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.24;5;7;24;CVE-2019-2507;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2507;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.24;5;7;24;CVE-2019-2510;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106627 | URL:http://www.securityfocus.com/bid/106627 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2510;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106627 | URL:http://www.securityfocus.com/bid/106627 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2513;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N).";"BID:106622 | URL:http://www.securityfocus.com/bid/106622 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.24;5;7;24;CVE-2019-2528;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106627 | URL:http://www.securityfocus.com/bid/106627 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2528;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106627 | URL:http://www.securityfocus.com/bid/106627 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.42;5;6;42;CVE-2019-2529;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20190201 [SECURITY] [DLA 1655-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00000.html | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.24;5;7;24;CVE-2019-2529;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20190201 [SECURITY] [DLA 1655-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00000.html | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2529;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20190201 [SECURITY] [DLA 1655-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00000.html | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2530;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106625 | URL:http://www.securityfocus.com/bid/106625 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.42;5;6;42;CVE-2019-2531;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.24;5;7;24;CVE-2019-2531;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2531;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.24;5;7;24;CVE-2019-2532;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106627 | URL:http://www.securityfocus.com/bid/106627 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2532;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106627 | URL:http://www.securityfocus.com/bid/106627 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2533;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.42;5;6;42;CVE-2019-2534;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.24;5;7;24;CVE-2019-2534;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2534;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2535;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106622 | URL:http://www.securityfocus.com/bid/106622 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2536;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H).";"BID:106622 | URL:http://www.securityfocus.com/bid/106622 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.42;5;6;42;CVE-2019-2537;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20190201 [SECURITY] [DLA 1655-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00000.html | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.24;5;7;24;CVE-2019-2537;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20190201 [SECURITY] [DLA 1655-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00000.html | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2537;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior; 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106619 | URL:http://www.securityfocus.com/bid/106619 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | GENTOO:GLSA-201908-24 | URL:https://security.gentoo.org/glsa/201908-24 | MLIST:[debian-lts-announce] 20190201 [SECURITY] [DLA 1655-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00000.html | REDHAT:RHSA-2019:1258 | URL:https://access.redhat.com/errata/RHSA-2019:1258 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | UBUNTU:USN-3867-1 | URL:https://usn.ubuntu.com/3867-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.13;8;0;13;CVE-2019-2539;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BID:106625 | URL:http://www.securityfocus.com/bid/106625 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | CONFIRM:https://security.netapp.com/advisory/ntap-20190118-0002/ | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.25;5;7;25;CVE-2019-2566;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K58502649 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2566;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K58502649 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2580;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K58502649 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.25;5;7;25;CVE-2019-2581;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K58502649 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2581;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K58502649 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2584;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K58502649 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2585;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K54470776 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2587;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K54470776 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2589;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K54470776 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.25;5;7;25;CVE-2019-2592;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K54470776 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2592;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K54470776 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2593;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K54470776 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2596;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K52514501 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2606;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K52514501 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2607;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K52514501 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.43;5;6;43;CVE-2019-2614;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior; 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K52514501 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:1913 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html | SUSE:openSUSE-SU-2019:1915 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/ | UBUNTU:USN-3957-2 | URL:https://usn.ubuntu.com/3957-2/ | UBUNTU:USN-3957-3 | URL:https://usn.ubuntu.com/3957-3/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.25;5;7;25;CVE-2019-2614;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior; 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K52514501 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:1913 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html | SUSE:openSUSE-SU-2019:1915 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/ | UBUNTU:USN-3957-2 | URL:https://usn.ubuntu.com/3957-2/ | UBUNTU:USN-3957-3 | URL:https://usn.ubuntu.com/3957-3/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2614;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior; 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K52514501 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:1913 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html | SUSE:openSUSE-SU-2019:1915 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/ | UBUNTU:USN-3957-2 | URL:https://usn.ubuntu.com/3957-2/ | UBUNTU:USN-3957-3 | URL:https://usn.ubuntu.com/3957-3/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2617;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K52514501 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2620;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K43540241 | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2623;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K43540241 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2624;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K43540241 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2625;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K43540241 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2626;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K43540241 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.43;5;6;43;CVE-2019-2627;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior; 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K32798641 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:1913 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html | SUSE:openSUSE-SU-2019:1915 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/ | UBUNTU:USN-3957-2 | URL:https://usn.ubuntu.com/3957-2/ | UBUNTU:USN-3957-3 | URL:https://usn.ubuntu.com/3957-3/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.25;5;7;25;CVE-2019-2627;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior; 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K32798641 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:1913 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html | SUSE:openSUSE-SU-2019:1915 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/ | UBUNTU:USN-3957-2 | URL:https://usn.ubuntu.com/3957-2/ | UBUNTU:USN-3957-3 | URL:https://usn.ubuntu.com/3957-3/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2627;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior; 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K32798641 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2327 | URL:https://access.redhat.com/errata/RHSA-2019:2327 | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:1913 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html | SUSE:openSUSE-SU-2019:1915 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/ | UBUNTU:USN-3957-2 | URL:https://usn.ubuntu.com/3957-2/ | UBUNTU:USN-3957-3 | URL:https://usn.ubuntu.com/3957-3/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.25;5;7;25;CVE-2019-2628;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K32798641 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:1913 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html | SUSE:openSUSE-SU-2019:1915 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2628;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K32798641 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:1913 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html | SUSE:openSUSE-SU-2019:1915 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2630;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K32798641 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2631;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K32798641 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.25;5;7;25;CVE-2019-2632;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://support.f5.com/csp/article/K32798641 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2632;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://support.f5.com/csp/article/K32798641 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2634;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K42793451 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2635;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K42793451 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2636;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Group Replication Plugin). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via MySQL Procotol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K42793451 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2644;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K42793451 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2681;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K42793451 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.43;5;6;43;CVE-2019-2683;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior; 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K28312671 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.25;5;7;25;CVE-2019-2683;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior; 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K28312671 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2683;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior; 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K28312671 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-3957-1 | URL:https://usn.ubuntu.com/3957-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2685;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K28312671 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2686;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K28312671 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2687;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K28312671 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2688;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K28312671 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2689;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K04246541 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2691;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K04246541 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2693;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K04246541 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2694;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K04246541 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2695;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K04246541 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.44;5;6;44;CVE-2019-2730;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior and 5.7.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://support.f5.com/csp/article/K51272092 | CONFIRM:https://support.f5.com/csp/article/K51272092?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.18;5;7;18;CVE-2019-2730;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior and 5.7.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://support.f5.com/csp/article/K51272092 | CONFIRM:https://support.f5.com/csp/article/K51272092?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.23;5;7;23;CVE-2019-2731;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).";"CONFIRM:https://support.f5.com/csp/article/K51272092 | CONFIRM:https://support.f5.com/csp/article/K51272092?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.44;5;6;44;CVE-2019-2737;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BUGTRAQ:20190802 [slackware-security] mariadb (SSA:2019-213-01) | URL:https://seclists.org/bugtraq/2019/Aug/1 | CONFIRM:https://support.f5.com/csp/article/K51272092 | CONFIRM:https://support.f5.com/csp/article/K51272092?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/ | UBUNTU:USN-4070-2 | URL:https://usn.ubuntu.com/4070-2/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2737;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BUGTRAQ:20190802 [slackware-security] mariadb (SSA:2019-213-01) | URL:https://seclists.org/bugtraq/2019/Aug/1 | CONFIRM:https://support.f5.com/csp/article/K51272092 | CONFIRM:https://support.f5.com/csp/article/K51272092?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/ | UBUNTU:USN-4070-2 | URL:https://usn.ubuntu.com/4070-2/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2737;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"BUGTRAQ:20190802 [slackware-security] mariadb (SSA:2019-213-01) | URL:https://seclists.org/bugtraq/2019/Aug/1 | CONFIRM:https://support.f5.com/csp/article/K51272092 | CONFIRM:https://support.f5.com/csp/article/K51272092?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/ | UBUNTU:USN-4070-2 | URL:https://usn.ubuntu.com/4070-2/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.44;5;6;44;CVE-2019-2738;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Compiling). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://support.f5.com/csp/article/K51272092 | CONFIRM:https://support.f5.com/csp/article/K51272092?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2738;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Compiling). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://support.f5.com/csp/article/K51272092 | CONFIRM:https://support.f5.com/csp/article/K51272092?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2738;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Compiling). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://support.f5.com/csp/article/K51272092 | CONFIRM:https://support.f5.com/csp/article/K51272092?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.44;5;6;44;CVE-2019-2739;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BUGTRAQ:20190802 [slackware-security] mariadb (SSA:2019-213-01) | URL:https://seclists.org/bugtraq/2019/Aug/1 | CONFIRM:https://support.f5.com/csp/article/K51272092 | CONFIRM:https://support.f5.com/csp/article/K51272092?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/ | UBUNTU:USN-4070-2 | URL:https://usn.ubuntu.com/4070-2/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2739;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BUGTRAQ:20190802 [slackware-security] mariadb (SSA:2019-213-01) | URL:https://seclists.org/bugtraq/2019/Aug/1 | CONFIRM:https://support.f5.com/csp/article/K51272092 | CONFIRM:https://support.f5.com/csp/article/K51272092?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/ | UBUNTU:USN-4070-2 | URL:https://usn.ubuntu.com/4070-2/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2739;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"BUGTRAQ:20190802 [slackware-security] mariadb (SSA:2019-213-01) | URL:https://seclists.org/bugtraq/2019/Aug/1 | CONFIRM:https://support.f5.com/csp/article/K51272092 | CONFIRM:https://support.f5.com/csp/article/K51272092?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/ | UBUNTU:USN-4070-2 | URL:https://usn.ubuntu.com/4070-2/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.44;5;6;44;CVE-2019-2740;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BUGTRAQ:20190802 [slackware-security] mariadb (SSA:2019-213-01) | URL:https://seclists.org/bugtraq/2019/Aug/1 | CONFIRM:https://support.f5.com/csp/article/K03444640 | CONFIRM:https://support.f5.com/csp/article/K03444640?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/ | UBUNTU:USN-4070-2 | URL:https://usn.ubuntu.com/4070-2/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2740;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BUGTRAQ:20190802 [slackware-security] mariadb (SSA:2019-213-01) | URL:https://seclists.org/bugtraq/2019/Aug/1 | CONFIRM:https://support.f5.com/csp/article/K03444640 | CONFIRM:https://support.f5.com/csp/article/K03444640?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/ | UBUNTU:USN-4070-2 | URL:https://usn.ubuntu.com/4070-2/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2740;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BUGTRAQ:20190802 [slackware-security] mariadb (SSA:2019-213-01) | URL:https://seclists.org/bugtraq/2019/Aug/1 | CONFIRM:https://support.f5.com/csp/article/K03444640 | CONFIRM:https://support.f5.com/csp/article/K03444640?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/ | UBUNTU:USN-4070-2 | URL:https://usn.ubuntu.com/4070-2/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2741;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Log). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K03444640 | CONFIRM:https://support.f5.com/csp/article/K03444640?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2741;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Log). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K03444640 | CONFIRM:https://support.f5.com/csp/article/K03444640?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2019-2743;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K03444640 | CONFIRM:https://support.f5.com/csp/article/K03444640?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2019-2746;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Data Dictionary). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K03444640 | CONFIRM:https://support.f5.com/csp/article/K03444640?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.12;8;0;12;CVE-2019-2747;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K03444640 | CONFIRM:https://support.f5.com/csp/article/K03444640?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2752;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K14118520 | CONFIRM:https://support.f5.com/csp/article/K14118520?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.25;5;7;25;CVE-2019-2755;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K14118520 | CONFIRM:https://support.f5.com/csp/article/K14118520?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2755;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K14118520 | CONFIRM:https://support.f5.com/csp/article/K14118520?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2757;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K14118520 | CONFIRM:https://support.f5.com/csp/article/K14118520?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2757;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K14118520 | CONFIRM:https://support.f5.com/csp/article/K14118520?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2758;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://support.f5.com/csp/article/K14118520 | CONFIRM:https://support.f5.com/csp/article/K14118520?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2758;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://support.f5.com/csp/article/K14118520 | CONFIRM:https://support.f5.com/csp/article/K14118520?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2774;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K14118520 | CONFIRM:https://support.f5.com/csp/article/K14118520?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2774;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K14118520 | CONFIRM:https://support.f5.com/csp/article/K14118520?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2778;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).";"CONFIRM:https://support.f5.com/csp/article/K19194273 | CONFIRM:https://support.f5.com/csp/article/K19194273?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2778;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).";"CONFIRM:https://support.f5.com/csp/article/K19194273 | CONFIRM:https://support.f5.com/csp/article/K19194273?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2780;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Components / Services). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K19194273 | CONFIRM:https://support.f5.com/csp/article/K19194273?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2784;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K19194273 | CONFIRM:https://support.f5.com/csp/article/K19194273?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2785;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K19194273 | CONFIRM:https://support.f5.com/csp/article/K19194273?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2789;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://support.f5.com/csp/article/K19194273 | CONFIRM:https://support.f5.com/csp/article/K19194273?utm_source=f5support&utm_medium=RSS | FEDORA:FEDORA-2019-96516ce0ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/ | FEDORA:FEDORA-2019-c106e46a95 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2791;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:https://support.f5.com/csp/article/K23125024 | CONFIRM:https://support.f5.com/csp/article/K23125024?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2791;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:https://support.f5.com/csp/article/K23125024 | CONFIRM:https://support.f5.com/csp/article/K23125024?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2795;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K23125024 | CONFIRM:https://support.f5.com/csp/article/K23125024?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2796;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K23125024 | CONFIRM:https://support.f5.com/csp/article/K23125024?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2797;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K23125024 | CONFIRM:https://support.f5.com/csp/article/K23125024?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2797;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K23125024 | CONFIRM:https://support.f5.com/csp/article/K23125024?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.15;8;0;15;CVE-2019-2798;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K23125024 | CONFIRM:https://support.f5.com/csp/article/K23125024?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2800;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://support.f5.com/csp/article/K04831884 | CONFIRM:https://support.f5.com/csp/article/K04831884?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2801;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K04831884 | CONFIRM:https://support.f5.com/csp/article/K04831884?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2802;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K04831884 | CONFIRM:https://support.f5.com/csp/article/K04831884?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2803;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K04831884 | CONFIRM:https://support.f5.com/csp/article/K04831884?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.44;5;6;44;CVE-2019-2805;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BUGTRAQ:20190802 [slackware-security] mariadb (SSA:2019-213-01) | URL:https://seclists.org/bugtraq/2019/Aug/1 | CONFIRM:https://support.f5.com/csp/article/K04831884 | CONFIRM:https://support.f5.com/csp/article/K04831884?utm_source=f5support&utm_medium=RSS | MISC:http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/ | UBUNTU:USN-4070-2 | URL:https://usn.ubuntu.com/4070-2/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2805;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BUGTRAQ:20190802 [slackware-security] mariadb (SSA:2019-213-01) | URL:https://seclists.org/bugtraq/2019/Aug/1 | CONFIRM:https://support.f5.com/csp/article/K04831884 | CONFIRM:https://support.f5.com/csp/article/K04831884?utm_source=f5support&utm_medium=RSS | MISC:http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/ | UBUNTU:USN-4070-2 | URL:https://usn.ubuntu.com/4070-2/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2805;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"BUGTRAQ:20190802 [slackware-security] mariadb (SSA:2019-213-01) | URL:https://seclists.org/bugtraq/2019/Aug/1 | CONFIRM:https://support.f5.com/csp/article/K04831884 | CONFIRM:https://support.f5.com/csp/article/K04831884?utm_source=f5support&utm_medium=RSS | MISC:http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | REDHAT:RHSA-2019:3708 | URL:https://access.redhat.com/errata/RHSA-2019:3708 | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/ | UBUNTU:USN-4070-2 | URL:https://usn.ubuntu.com/4070-2/ | UBUNTU:USN-4070-3 | URL:https://usn.ubuntu.com/4070-3/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2808;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K10754336 | CONFIRM:https://support.f5.com/csp/article/K10754336?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2810;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K10754336 | CONFIRM:https://support.f5.com/csp/article/K10754336?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2811;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K10754336 | CONFIRM:https://support.f5.com/csp/article/K10754336?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2812;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K10754336 | CONFIRM:https://support.f5.com/csp/article/K10754336?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2814;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://support.f5.com/csp/article/K10754336 | CONFIRM:https://support.f5.com/csp/article/K10754336?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2815;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K02585438 | CONFIRM:https://support.f5.com/csp/article/K02585438?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.44;5;6;44;CVE-2019-2819;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://support.f5.com/csp/article/K02585438 | CONFIRM:https://support.f5.com/csp/article/K02585438?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2819;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://support.f5.com/csp/article/K02585438 | CONFIRM:https://support.f5.com/csp/article/K02585438?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2819;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://support.f5.com/csp/article/K02585438 | CONFIRM:https://support.f5.com/csp/article/K02585438?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511 | UBUNTU:USN-4070-1 | URL:https://usn.ubuntu.com/4070-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2822;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Admin / InnoDB Cluster). Supported versions that are affected are 8.0.16 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.5 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).";"CONFIRM:https://support.f5.com/csp/article/K02585438 | CONFIRM:https://support.f5.com/csp/article/K02585438?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2826;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K02585438 | CONFIRM:https://support.f5.com/csp/article/K02585438?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2830;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K84141449 | CONFIRM:https://support.f5.com/csp/article/K84141449?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2834;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://support.f5.com/csp/article/K84141449 | CONFIRM:https://support.f5.com/csp/article/K84141449?utm_source=f5support&utm_medium=RSS | MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2879;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | REDHAT:RHSA-2019:2484 | URL:https://access.redhat.com/errata/RHSA-2019:2484 | REDHAT:RHSA-2019:2511 | URL:https://access.redhat.com/errata/RHSA-2019:2511";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.45;5;6;45;CVE-2019-2910;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.27;5;7;27;CVE-2019-2910;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.45;5;6;45;CVE-2019-2911;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.6.45 and prior; 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.27;5;7;27;CVE-2019-2911;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.6.45 and prior; 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2911;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.6.45 and prior; 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.27;5;7;27;CVE-2019-2914;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2914;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.45;5;6;45;CVE-2019-2922;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.27;5;7;27;CVE-2019-2922;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.45;5;6;45;CVE-2019-2923;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.27;5;7;27;CVE-2019-2923;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.45;5;6;45;CVE-2019-2924;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.27;5;7;27;CVE-2019-2924;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.27;5;7;27;CVE-2019-2938;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/ | UBUNTU:USN-4195-2 | URL:https://usn.ubuntu.com/4195-2/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2938;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/ | UBUNTU:USN-4195-2 | URL:https://usn.ubuntu.com/4195-2/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.27;5;7;27;CVE-2019-2946;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2946;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2948;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2948;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2950;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2957;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.27;5;7;27;CVE-2019-2960;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2960;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2963;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2966;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2967;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2968;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.44;5;6;44;CVE-2019-2969;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.26;5;7;26;CVE-2019-2969;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-2969;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior; 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.6.45;5;6;45;CVE-2019-2974;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior; 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/ | UBUNTU:USN-4195-2 | URL:https://usn.ubuntu.com/4195-2/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.27;5;7;27;CVE-2019-2974;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior; 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/ | UBUNTU:USN-4195-2 | URL:https://usn.ubuntu.com/4195-2/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2974;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior; 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | SUSE:openSUSE-SU-2019:2698 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/ | UBUNTU:USN-4195-2 | URL:https://usn.ubuntu.com/4195-2/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2982;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 5.7.27;5;7;27;CVE-2019-2993;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2993;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2997;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-2998;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2019-3003;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-3004;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-3009;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-3011;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2019-3018;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0002/ | FEDORA:FEDORA-2019-48a0a07033 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL/ | FEDORA:FEDORA-2019-c1fab3f139 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ/ | FEDORA:FEDORA-2019-d40df38271 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP/ | MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | UBUNTU:USN-4195-1 | URL:https://usn.ubuntu.com/4195-1/";Assigned (20181214);"None (candidate not yet proposed)";"" 3.1.7;3;1;7;CVE-2020-13249;Candidate;"libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL; this issue does not affect any MySQL components supported by Oracle.";"FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | MISC:https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945 | MISC:https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1.8 | SUSE:openSUSE-SU-2020:0738 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00064.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html";Assigned (20200520);"None (candidate not yet proposed)";"" 3.1.6;3;1;6;CVE-2020-13249;Candidate;"libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL; this issue does not affect any MySQL components supported by Oracle.";"FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | MISC:https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945 | MISC:https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1.8 | SUSE:openSUSE-SU-2020:0738 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00064.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html";Assigned (20200520);"None (candidate not yet proposed)";"" 4.17.6;4;17;6;CVE-2020-14027;Candidate;"An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments; such as ENABLE_LOCAL_INFILE; that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks.";"MISC:http://www.ozeki.hu/index.php?owpn=231 | MISC:https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14027-MySQL%20LOAD%20DATA%20LOCAL%20INFILE%20Attack-Ozeki%20SMS%20Gateway";Assigned (20200611);"None (candidate not yet proposed)";"" 5.6.48;5;6;48;CVE-2020-14539;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.30;5;7;30;CVE-2020-14539;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14539;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.30;5;7;30;CVE-2020-14540;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14540;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.30;5;7;30;CVE-2020-14547;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14547;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.30;5;7;30;CVE-2020-14553;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14553;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 5.6.48;5;6;48;CVE-2020-14559;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.30;5;7;30;CVE-2020-14559;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14559;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior; 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.29;5;7;29;CVE-2020-14567;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-14567;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14568;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14575;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.30;5;7;30;CVE-2020-14576;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14576;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14586;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14591;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14597;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14614;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14619;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | FEDORA:FEDORA-2020-77b95c868f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SA2XMR2ZY2BPR3VLTDVLNV74JL7TA7KL/ | FEDORA:FEDORA-2020-9c27be9396 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C/ | FEDORA:FEDORA-2020-d5b2e71a17 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14620;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14623;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14624;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14631;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14632;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14633;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14634;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14641;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14643;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14651;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14654;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14656;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14663;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 5.6.49;5;6;49;CVE-2020-14672;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.31;5;7;31;CVE-2020-14672;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14672;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14678;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14680;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14697;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14702;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200717-0004/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | UBUNTU:USN-4441-1 | URL:https://usn.ubuntu.com/4441-1/";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14725;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200731-0006/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.31;5;7;31;CVE-2020-14760;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.6.49;5;6;49;CVE-2020-14765;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.31;5;7;31;CVE-2020-14765;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14765;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.6.49;5;6;49;CVE-2020-14769;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.31;5;7;31;CVE-2020-14769;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14769;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.31;5;7;31;CVE-2020-14771;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14771;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14773;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.31;5;7;31;CVE-2020-14775;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14775;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.31;5;7;31;CVE-2020-14776;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14776;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14777;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14785;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14786;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.31;5;7;31;CVE-2020-14789;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14789;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.31;5;7;31;CVE-2020-14790;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14790;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14791;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.6.49;5;6;49;CVE-2020-14793;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.31;5;7;31;CVE-2020-14793;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14793;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14794;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-4f9ee82bc5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/ | FEDORA:FEDORA-2020-53df1c05be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/ | FEDORA:FEDORA-2020-eee64a579c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-14799;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14800;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14804;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14809;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.6.49;5;6;49;CVE-2020-14812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.31;5;7;31;CVE-2020-14812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | FEDORA:FEDORA-2020-561eed63ef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | FEDORA:FEDORA-2020-b995eb2973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20210131 [SECURITY] [DLA 2538-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14814;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14821;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.31;5;7;31;CVE-2020-14827;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14827;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14828;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14829;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14830;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14836;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14837;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14838;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14839;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14844;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14845;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14846;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14848;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14852;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14860;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14861;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14866;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.6.49;5;6;49;CVE-2020-14867;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.31;5;7;31;CVE-2020-14867;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14867;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior; 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14868;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 5.7.31;5;7;31;CVE-2020-14869;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14869;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14870;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14873;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14878;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 8.0 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14888;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14891;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2020-14893;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html";Assigned (20200619);"None (candidate not yet proposed)";"" 4.30.-1;4;30;-1;CVE-2020-15051;Candidate;"An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name; Your Email Address; Group Name; MYSQL Server; Database; MYSQL Username; Group Name; and Task Description fields.";"MISC:http://artica-proxy.com/telechargements/ | MISC:https://github.com/pratikshad19/CVE-2020-15051";Assigned (20200625);"None (candidate not yet proposed)";"" 5.7.28;5;7;28;CVE-2020-2572;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.18;8;0;18;CVE-2020-2572;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 5.7.28;5;7;28;CVE-2020-2577;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.18;8;0;18;CVE-2020-2577;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 5.6.46;5;6;46;CVE-2020-2579;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 5.7.28;5;7;28;CVE-2020-2579;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.18;8;0;18;CVE-2020-2579;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2020-2580;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" 5.7.28;5;7;28;CVE-2020-2584;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.18;8;0;18;CVE-2020-2584;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.18;8;0;18;CVE-2020-2588;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 5.7.28;5;7;28;CVE-2020-2589;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2020-2589;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.18;8;0;18;CVE-2020-2627;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 1.58.1;1;58;1;CVE-2020-26277;Candidate;"DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2; users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario; an attacker could induce dbdeployer to write into a system file; thus altering the computer defenses. For the attack to succeed; the following factors need to contribute: 1) The user is logged in as root. While dbdeployer is usable as root; it was designed to run as unprivileged user. 2) The user has taken a tarball from a non secure source; without testing the checksum. When the tarball is retrieved through dbdeployer; the checksum is compared before attempting to unpack. This has been fixed in version 1.58.2.";"CONFIRM:https://github.com/datacharmer/dbdeployer/security/advisories/GHSA-47wr-426j-fr82 | URL:https://github.com/datacharmer/dbdeployer/security/advisories/GHSA-47wr-426j-fr82 | MISC:https://github.com/datacharmer/dbdeployer/commit/548e256c1de2f99746e861454e7714ec6bc9bb10 | URL:https://github.com/datacharmer/dbdeployer/commit/548e256c1de2f99746e861454e7714ec6bc9bb10";Assigned (20201001);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2020-26542;Candidate;"An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory; Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password; leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account.";"CONFIRM:https://www.percona.com/blog/2020/10/13/percona-distribution-for-mysql-pxc-variant-8-0-20-fixes-for-security-vulnerability-release-roundup-october-13-2020/ | CONFIRM:https://www.percona.com/doc/percona-distribution-mysql/8.0/release-notes-pxc-v8.0.20.upd2.html | MISC:https://jira.percona.com/browse/PS-7358 | MISC:https://jira.percona.com/browse/PSMDB-726";Assigned (20201002);"None (candidate not yet proposed)";"" 5.7.28;5;7;28;CVE-2020-2660;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.18;8;0;18;CVE-2020-2660;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.18;8;0;18;CVE-2020-2679;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.18;8;0;18;CVE-2020-2686;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.18;8;0;18;CVE-2020-2694;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200122-0002/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-4250-1 | URL:https://usn.ubuntu.com/4250-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2759;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 5.7.29;5;7;29;CVE-2020-2760;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2760;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.18;8;0;18;CVE-2020-2761;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2762;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 5.6.47;5;6;47;CVE-2020-2763;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 5.7.29;5;7;29;CVE-2020-2763;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2763;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 5.7.29;5;7;29;CVE-2020-2765;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2765;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.18;8;0;18;CVE-2020-2770;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.18;8;0;18;CVE-2020-2774;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.18;8;0;18;CVE-2020-2779;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" 5.6.47;5;6;47;CVE-2020-2780;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 5.7.29;5;7;29;CVE-2020-2780;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2780;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 5.7.28;5;7;28;CVE-2020-2790;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" 5.6.47;5;6;47;CVE-2020-2804;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 5.7.29;5;7;29;CVE-2020-2804;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2804;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 5.7.28;5;7;28;CVE-2020-2806;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.28 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" 5.6.47;5;6;47;CVE-2020-2812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 5.7.29;5;7;29;CVE-2020-2812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2812;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior; 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 5.6.47;5;6;47;CVE-2020-2814;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html";Assigned (20191210);"None (candidate not yet proposed)";"" 5.7.28;5;7;28;CVE-2020-2814;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.18;8;0;18;CVE-2020-2814;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior; 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | FEDORA:FEDORA-2020-35f52d9370 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW2ED32VEUHXFN2J3YQE27JIBV4SC2PI/ | FEDORA:FEDORA-2020-ac2d47d89a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/ | GENTOO:GLSA-202012-08 | URL:https://security.gentoo.org/glsa/202012-08 | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | SUSE:openSUSE-SU-2020:0870 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.18;8;0;18;CVE-2020-2853;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2892;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2893;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2895;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2896;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2897;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2898;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2901;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2903;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2904;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2921;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2923;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2924;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2925;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2926;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2928;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2020-2930;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20200416-0003/ | FEDORA:FEDORA-2020-136dc82437 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDGBQYS3A36S4CAZPV5YROHYXYZR6LAH/ | FEDORA:FEDORA-2020-20ac7c92a1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSVLI36TYRTPQGCS24VZQUXCUFOUW4VQ/ | FEDORA:FEDORA-2020-261c9ddd7c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | UBUNTU:USN-4350-1 | URL:https://usn.ubuntu.com/4350-1/";Assigned (20191210);"None (candidate not yet proposed)";"" 1.4.0;1;4;0;CVE-2020-5426;Candidate;"Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.";"CONFIRM:https://tanzu.vmware.com/security/cve-2020-5426 | URL:https://tanzu.vmware.com/security/cve-2020-5426";Assigned (20200103);"None (candidate not yet proposed)";"" 0.7.24;0;7;24;CVE-2020-5777;Candidate;"MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the Mysql setting max_connections (default 151) is lower than Apache (or another web server) setting MaxRequestWorkers (formerly MaxClients) (default 256). This can be done by sending at least 151 simultaneous requests to the Magento website to trigger a ""Too many connections"" error; then use default magmi:magmi basic authentication to remotely bypass authentication.";"MISC:https://www.tenable.com/security/research/tra-2020-51 | URL:https://www.tenable.com/security/research/tra-2020-51";Assigned (20200106);"None (candidate not yet proposed)";"" 10.4.7;10;4;7;CVE-2020-7221;Candidate;"mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely; as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product; which implements mysql_install_db differently.";"CONFIRM:https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac45618 | MISC:https://bugzilla.suse.com/show_bug.cgi?id=1160868 | MISC:https://seclists.org/oss-sec/2020/q1/55";Assigned (20200117);"None (candidate not yet proposed)";"" 10.4.11;10;4;11;CVE-2020-7221;Candidate;"mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely; as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product; which implements mysql_install_db differently.";"CONFIRM:https://github.com/MariaDB/server/commit/9d18b6246755472c8324bf3e20e234e08ac45618 | MISC:https://bugzilla.suse.com/show_bug.cgi?id=1160868 | MISC:https://seclists.org/oss-sec/2020/q1/55";Assigned (20200117);"None (candidate not yet proposed)";"" 2.2.0;2;2;0;CVE-2020-7920;Candidate;"pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service.";"MISC:https://jira.percona.com/browse/PMM-5232 | MISC:https://jira.percona.com/browse/PMM-5233 | MISC:https://www.percona.com/blog/2020/02/03/improvements-in-pmm-bug-fixes-in-percona-server-percona-backup-for-mongodb-alert-release-roundup-2-3-2020/ | MISC:https://www.percona.com/doc/percona-monitoring-and-management/2.x/release-notes/2.2.1.html";Assigned (20200123);"None (candidate not yet proposed)";"" 19.1.3;19;1;3;CVE-2020-8611;Candidate;"In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1; multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements.";"CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019_2/ReleaseNotes/en/index.htm#49677.htm | CONFIRM:https://status.moveitcloud.com/ | MISC:https://community.ipswitch.com/s/article/MOVEit-Transfer-Security-Vulnerabilities-Feb-2020";Assigned (20200204);"None (candidate not yet proposed)";"" 19.2.0;19;2;0;CVE-2020-8611;Candidate;"In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1; multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements.";"CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm | CONFIRM:https://docs.ipswitch.com/MOVEit/Transfer2019_2/ReleaseNotes/en/index.htm#49677.htm | CONFIRM:https://status.moveitcloud.com/ | MISC:https://community.ipswitch.com/s/article/MOVEit-Transfer-Security-Vulnerabilities-Feb-2020";Assigned (20200204);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2021-1998;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.6.50;5;6;50;CVE-2021-2001;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.30;5;7;30;CVE-2021-2001;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2021-2001;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2002;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2021-2009;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2021-2012;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.32;5;7;32;CVE-2021-2014;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 5.7.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2021-2016;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2021-2019;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.20;8;0;20;CVE-2021-2020;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2021;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.6.50;5;6;50;CVE-2021-2022;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.32;5;7;32;CVE-2021-2022;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2022;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | FEDORA:FEDORA-2021-b1d1655cef | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ | FEDORA:FEDORA-2021-db50ab62d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2024;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2021-2028;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2021-2030;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2031;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.32;5;7;32;CVE-2021-2032;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2032;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2036;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2038;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2021-2042;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2046;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2048;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2021-2055;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2056;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2058;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.6.50;5;6;50;CVE-2021-2060;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.32;5;7;32;CVE-2021-2060;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2060;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior; 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2061;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2065;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2070;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2072;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2076;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2081;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2087;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2088;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2122;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210219-0003/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.29;5;7;29;CVE-2021-2144;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.19;8;0;19;CVE-2021-2144;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.33;5;7;33;CVE-2021-2146;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2146;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.33;5;7;33;CVE-2021-2154;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-179f2fbb88 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEF5CRATUGQZUSQU63MHQIDZPOLHW2VE/ | FEDORA:FEDORA-2021-27187ac9dd | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GAU7KW36A6TQGKG3RUITYSVUFIHBY3OT/ | FEDORA:FEDORA-2021-68db93b130 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPA3CTGXPVWKHMCQDVURK4ETH7GE34KK/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.30;5;7;30;CVE-2021-2160;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.17;8;0;17;CVE-2021-2160;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.33;5;7;33;CVE-2021-2162;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2162;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2164;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.33;5;7;33;CVE-2021-2166;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-179f2fbb88 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEF5CRATUGQZUSQU63MHQIDZPOLHW2VE/ | FEDORA:FEDORA-2021-27187ac9dd | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GAU7KW36A6TQGKG3RUITYSVUFIHBY3OT/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-68db93b130 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPA3CTGXPVWKHMCQDVURK4ETH7GE34KK/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2166;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-179f2fbb88 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEF5CRATUGQZUSQU63MHQIDZPOLHW2VE/ | FEDORA:FEDORA-2021-27187ac9dd | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GAU7KW36A6TQGKG3RUITYSVUFIHBY3OT/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-68db93b130 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPA3CTGXPVWKHMCQDVURK4ETH7GE34KK/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.33;5;7;33;CVE-2021-2169;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2169;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2170;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.33;5;7;33;CVE-2021-2171;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2171;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2172;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.33;5;7;33;CVE-2021-2174;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2174;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.32;5;7;32;CVE-2021-2178;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2178;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.33;5;7;33;CVE-2021-2179;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2179;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.33;5;7;33;CVE-2021-2180;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2180;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | GENTOO:GLSA-202105-27 | URL:https://security.gentoo.org/glsa/202105-27 | GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2193;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.33;5;7;33;CVE-2021-2194;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2194;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2196;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | FEDORA:FEDORA-2021-01189f6361 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ/ | FEDORA:FEDORA-2021-5b6c69a73a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ/ | FEDORA:FEDORA-2021-b8b7829a83 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2201;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.32;5;7;32;CVE-2021-2202;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2202;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2203;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2208;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2212;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.22;8;0;22;CVE-2021-2213;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2215;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2217;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.33;5;7;33;CVE-2021-2226;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2226;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2230;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2232;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 1.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2278;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2293;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2298;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2299;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2300;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2301;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2304;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2305;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 15.1.2;15;1;2;CVE-2021-23053;Candidate;"On version 15.1.x before 15.1.3; 14.1.x before 14.1.3.1; and 13.1.x before 13.1.3.6; when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack; the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.";"MISC:https://support.f5.com/csp/article/K36942191 | URL:https://support.f5.com/csp/article/K36942191";Assigned (20210106);"None (candidate not yet proposed)";"" 14.1.2;14;1;2;CVE-2021-23053;Candidate;"On version 15.1.x before 15.1.3; 14.1.x before 14.1.3.1; and 13.1.x before 13.1.3.6; when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack; the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.";"MISC:https://support.f5.com/csp/article/K36942191 | URL:https://support.f5.com/csp/article/K36942191";Assigned (20210106);"None (candidate not yet proposed)";"" 13.1.2;13;1;2;CVE-2021-23053;Candidate;"On version 15.1.x before 15.1.3; 14.1.x before 14.1.3.1; and 13.1.x before 13.1.3.6; when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack; the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.";"MISC:https://support.f5.com/csp/article/K36942191 | URL:https://support.f5.com/csp/article/K36942191";Assigned (20210106);"None (candidate not yet proposed)";"" 5.7.33;5;7;33;CVE-2021-2307;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2307;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2308;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210513-0002/ | MISC:https://www.oracle.com/security-alerts/cpuapr2021.html | URL:https://www.oracle.com/security-alerts/cpuapr2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2339;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2340;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.34;5;7;34;CVE-2021-2342;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2342;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2352;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2354;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.34;5;7;34;CVE-2021-2356;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2356;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2357;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2367;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2370;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.34;5;7;34;CVE-2021-2372;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2372;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2374;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2383;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2384;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.34;5;7;34;CVE-2021-2385;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2385;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-dc4299a8d0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OO2Q5PIFURXLLKCIJE6XF6VL4LLMNO5/ | FEDORA:FEDORA-2021-df40c41094 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPJAGVMRKODR4QIXQSVEM4BLRZUM7P3R/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2387;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.34;5;7;34;CVE-2021-2389;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-880/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2389;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-880/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 5.7.34;5;7;34;CVE-2021-2390;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-881/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2390;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-881/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2399;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2402;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2410;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.21;8;0;21;CVE-2021-2412;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2417;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2418;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2422;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2424;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2425;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2426;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2427;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2429;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-889/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2437;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2440;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-2441;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.23;8;0;23;CVE-2021-2444;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20210723-0001/ | MISC:https://www.oracle.com/security-alerts/cpujul2021.html | URL:https://www.oracle.com/security-alerts/cpujul2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-2478;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-2479;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-2481;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20201209);"None (candidate not yet proposed)";"" 0.20.2;0;20;2;CVE-2021-26919;Candidate;"Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties; which; if left unmitigated; can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2";"MISC:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | URL:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | MLIST:[druid-commits] 20210401 [GitHub] [druid] jihoonson merged pull request #11047: Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/re0910cf4c784897774427fecd95912fb565a6bd06d924a55e70bbbfc@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson merged pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r6bc68264170046448f823d12c17fd1fd875251d97d60869f58709872@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson opened a new pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r7a531ec123570cb7875ff991cf115f99e9ef99a48b3cf3fa4f9d9864@%3Ccommits.druid.apache.org%3E | MLIST:[druid-dev] 20210331 Regarding the 0.21.0 release | URL:https://lists.apache.org/thread.html/r443e2916c612fbd119839c0fc0729327d6031913a75081adac5b43ad@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210401 Re: Subject: [CVE-2021-26919] Authenticated users can execute arbitrary code from malicious MySQL database systems | URL:https://lists.apache.org/thread.html/re4c5deb0aae4bace69844d15c9fd1699e907ebfee93bc3926474d110@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r470f8c92eb5df45f41b3ae609b6315b6c5ff51b3ceb2f09f00ca620f@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/ra85fa7d31f9bec1148ffd2e4030934927caa8bff89bca9f61f75e697@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210414 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/rf3ea2a4018e87e6c45d36cf8479af7727dcc276edabd2f7cf59e0c5f@%3Cdev.druid.apache.org%3E";Assigned (20210209);"None (candidate not yet proposed)";"" 0.21.0;0;21;0;CVE-2021-26919;Candidate;"Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties; which; if left unmitigated; can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2";"MISC:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | URL:https://lists.apache.org/thread.html/rd87451fce34df54796e66321c40d743a68fb4553d72e7f6f0bc62ebd%40%3Cdev.druid.apache.org%3E | MLIST:[druid-commits] 20210401 [GitHub] [druid] jihoonson merged pull request #11047: Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/re0910cf4c784897774427fecd95912fb565a6bd06d924a55e70bbbfc@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson merged pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r6bc68264170046448f823d12c17fd1fd875251d97d60869f58709872@%3Ccommits.druid.apache.org%3E | MLIST:[druid-commits] 20210412 [GitHub] [druid] jihoonson opened a new pull request #11100: [Backport] Allow list for JDBC connection properties to address CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r7a531ec123570cb7875ff991cf115f99e9ef99a48b3cf3fa4f9d9864@%3Ccommits.druid.apache.org%3E | MLIST:[druid-dev] 20210331 Regarding the 0.21.0 release | URL:https://lists.apache.org/thread.html/r443e2916c612fbd119839c0fc0729327d6031913a75081adac5b43ad@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210401 Re: Subject: [CVE-2021-26919] Authenticated users can execute arbitrary code from malicious MySQL database systems | URL:https://lists.apache.org/thread.html/re4c5deb0aae4bace69844d15c9fd1699e907ebfee93bc3926474d110@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/r470f8c92eb5df45f41b3ae609b6315b6c5ff51b3ceb2f09f00ca620f@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210405 Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/ra85fa7d31f9bec1148ffd2e4030934927caa8bff89bca9f61f75e697@%3Cdev.druid.apache.org%3E | MLIST:[druid-dev] 20210414 Re: Regarding the CVSS score for CVE-2021-26919 | URL:https://lists.apache.org/thread.html/rf3ea2a4018e87e6c45d36cf8479af7727dcc276edabd2f7cf59e0c5f@%3Cdev.druid.apache.org%3E";Assigned (20210209);"None (candidate not yet proposed)";"" 10.2.36;10;2;36;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" 10.3.27;10;3;27;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" 10.4.17;10;4;17;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" 10.5.8;10;5;8;CVE-2021-27928;Candidate;"A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37; 10.3 before 10.3.28; 10.4 before 10.4.18; and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection; in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.";"GENTOO:GLSA-202105-28 | URL:https://security.gentoo.org/glsa/202105-28 | MISC:http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html | MISC:https://jira.mariadb.org/browse/MDEV-25179 | MISC:https://mariadb.com/kb/en/mariadb-10237-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10328-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-10418-release-notes/ | MISC:https://mariadb.com/kb/en/mariadb-1059-release-notes/ | MISC:https://mariadb.com/kb/en/security/ | MLIST:[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html";Assigned (20210303);"None (candidate not yet proposed)";"" 3.9.6;3;9;6;CVE-2021-29004;Candidate;"rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig; an attacker may successfully upload a webshell to the server and access it remotely.";"MISC:http://rconfig.com | MISC:https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29004-POC-req.txt | MISC:https://github.com/mrojz/rconfig-exploit/blob/main/README.md | MISC:https://rconfig.com";Assigned (20210322);"None (candidate not yet proposed)";"" 2.11.10;2;11;10;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | MLIST:[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html";Assigned (20210512);"None (candidate not yet proposed)";"" 2.12.0;2;12;0;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | MLIST:[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html";Assigned (20210512);"None (candidate not yet proposed)";"" 2.12.4;2;12;4;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | MLIST:[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html";Assigned (20210512);"None (candidate not yet proposed)";"" 2.8.0;2;8;0;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | MLIST:[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html";Assigned (20210512);"None (candidate not yet proposed)";"" 2.12.5;2;12;5;CVE-2021-32743;Candidate;"Icinga is a monitoring system which checks the availability of network resources; notifies users of outages; and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4; some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add; modify and delete information there. If credentials with more permissions are in use; this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases; these passwords are no longer exposed via the API. As a workaround; API user permissions can be restricted to not allow querying of any affected objects; either by explicitly listing only the required object types for object query permissions; or by applying a filter rule.";"CONFIRM:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | URL:https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 | MISC:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | URL:https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ | MLIST:[debian-lts-announce] 20211110 [SECURITY] [DLA 2816-1] icinga2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html";Assigned (20210512);"None (candidate not yet proposed)";"" 19.0.5;19;0;5;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 11.0.5;11;0;5;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 19.1.4;19;1;4;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 11.1.4;11;1;4;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 19.2.1;19;2;1;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 11.2.1;11;2;1;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 20.0.4;20;0;4;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 12.0.4;12;0;4;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 20.1.3;20;1;3;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 12.1.3;12;1;3;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 21.0.0;21;0;0;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 13.0.0;13;0;0;CVE-2021-33894;Candidate;"In Progress MOVEit Transfer before 2019.0.6 (11.0.6); 2019.1.x before 2019.1.5 (11.1.5); 2019.2.x before 2019.2.2 (11.2.2); 2020.x before 2020.0.5 (12.0.5); 2020.1.x before 2020.1.4 (12.1.4); and 2021.x before 2021.0.1 (13.0.1); a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in the MOVEit Transfer web app. This could allow an authenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database and/or execute SQL statements that alter or delete database elements.";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-June-2021 | MISC:https://www.progress.com/moveit";Assigned (20210606);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-35537;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35546;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35575;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35577;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via MySQL Protcol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-35583;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35591;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35596;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Error Handling). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35602;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 5.7.35;5;7;35;CVE-2021-35604;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35604;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-72d5918529 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGR5ZTB5QEDRRC6G5U6TFNCIVBBKGS5J/ | FEDORA:FEDORA-2021-acef1dc8cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35607;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35608;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35610;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | FEDORA:FEDORA-2021-46dc82116b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XF3ZFPL3JJ26YRUGXLXQZYJBLZV3WC2C/ | FEDORA:FEDORA-2021-70dd0b9f5d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MLAXYFLUDC636S46X34USCLDZAOFBM2/ | FEDORA:FEDORA-2021-f74148c6d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRCU3RTIPVKPC3GMC76YW7DJEXUEY6FG/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35612;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35622;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35623;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 5.7.35;5;7;35;CVE-2021-35624;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35624;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35625;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35626;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35627;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35628;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.25;8;0;25;CVE-2021-35629;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35630;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35631;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35632;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35633;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35634;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35635;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35636;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35637;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35638;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35639;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35640;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35641;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35642;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35643;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35644;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35645;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35646;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35647;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2021-35648;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20211022-0003/ | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html";Assigned (20210628);"None (candidate not yet proposed)";"" 2.6.6;2;6;6;CVE-2021-36774;Candidate;"Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties; which; if left unmitigated; can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.";"MISC:https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow | URL:https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow | MLIST:[oss-security] 20220106 CVE-2021-36774: Apache Kylin: Mysql JDBC Connector Deserialize RCE | URL:http://www.openwall.com/lists/oss-security/2022/01/06/5";Assigned (20210719);"None (candidate not yet proposed)";"" 3.1.2;3;1;2;CVE-2021-36774;Candidate;"Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties; which; if left unmitigated; can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.";"MISC:https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow | URL:https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow | MLIST:[oss-security] 20220106 CVE-2021-36774: Apache Kylin: Mysql JDBC Connector Deserialize RCE | URL:http://www.openwall.com/lists/oss-security/2022/01/06/5";Assigned (20210719);"None (candidate not yet proposed)";"" 21.0.2;21;0;2;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" 13.0.2;13;0;2;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" 19.0.6;19;0;6;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" 11.0.6;11;0;6;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" 19.1.5;19;1;5;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" 11.1.5;11;1;5;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" 19.2.2;19;2;2;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" 11.2.2;11;2;2;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" 20.0.5;20;0;5;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" 12.0.5;12;0;5;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" 20.1.4;20;1;4;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" 12.1.4;12;1;4;CVE-2021-37614;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3); SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.7 (11.0.7); 2019.1.6 (11.1.6); 2019.2.3 (11.2.3); 2020.0.6 (12.0.6); 2020.1.5 (12.1.5); and 2021.0.3 (13.0.3).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-2021 | MISC:https://docs.ipswitch.com/MOVEit/Transfer2019/ReleaseNotes/en/index.htm#48648.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/index.htm#50951.htm | MISC:https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm#link8";Assigned (20210729);"None (candidate not yet proposed)";"" 2.10.0;2;10;0;CVE-2021-3779;Candidate;"A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later.";"MISC:https://www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed/ | URL:https://www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed/";Assigned (20210907);"None (candidate not yet proposed)";"" 21.0.3;21;0;3;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" 13.0.3;13;0;3;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" 19.0.7;19;0;7;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" 11.0.7;11;0;7;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" 19.1.6;19;1;6;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" 11.1.6;11;1;6;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" 19.2.3;19;2;3;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" 11.2.3;11;2;3;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" 20.0.6;20;0;6;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" 12.0.6;12;0;6;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" 20.1.5;20;1;5;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" 12.1.5;12;1;5;CVE-2021-38159;Candidate;"In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4); SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; or execute SQL statements that alter or delete database elements; via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8); 2019.1.7 (11.1.7); 2019.2.4 (11.2.4); 2020.0.7 (12.0.7); 2020.1.6 (12.1.6); and 2021.0.4 (13.0.4).";"CONFIRM:https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-August-6-2021 | MISC:https://www.progress.com/moveit";Assigned (20210807);"None (candidate not yet proposed)";"" 1.12.0;1;12;0;CVE-2021-43008;Candidate;"Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.";"MISC:https://github.com/vrana/adminer/releases/tag/v4.6.3 | MISC:https://podalirius.net/en/cves/2021-43008/ | MISC:https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability | MISC:https://www.adminer.org/ | MLIST:[debian-lts-announce] 20220513 [SECURITY] [DLA 3002-1] adminer security update | URL:https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html";Assigned (20211025);"None (candidate not yet proposed)";"" 4.6.2;4;6;2;CVE-2021-43008;Candidate;"Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.";"MISC:https://github.com/vrana/adminer/releases/tag/v4.6.3 | MISC:https://podalirius.net/en/cves/2021-43008/ | MISC:https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability | MISC:https://www.adminer.org/ | MLIST:[debian-lts-announce] 20220513 [SECURITY] [DLA 3002-1] adminer security update | URL:https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html";Assigned (20211025);"None (candidate not yet proposed)";"" 4.6.3;4;6;3;CVE-2021-43008;Candidate;"Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.";"MISC:https://github.com/vrana/adminer/releases/tag/v4.6.3 | MISC:https://podalirius.net/en/cves/2021-43008/ | MISC:https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability | MISC:https://www.adminer.org/ | MLIST:[debian-lts-announce] 20220513 [SECURITY] [DLA 3002-1] adminer security update | URL:https://lists.debian.org/debian-lts-announce/2022/05/msg00012.html";Assigned (20211025);"None (candidate not yet proposed)";"" 5.7.36;5;7;36;CVE-2022-21245;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21245;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21249;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21253;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21254;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21256;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21264;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21265;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.36;5;7;36;CVE-2022-21270;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21270;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2022-21278;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2022-21297;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21301;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21302;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.36;5;7;36;CVE-2022-21303;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21303;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.36;5;7;36;CVE-2022-21304;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21304;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21339;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | FEDORA:FEDORA-2022-43217f0ba7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2XBX2PNTBLJNK5G7EP7LIDPFTPDIHPW/ | FEDORA:FEDORA-2022-be015e0331 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6OB7IPXBSJRAGCA4P47EVGC76VS2DS4/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21342;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.36;5;7;36;CVE-2022-21344;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21344;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21348;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21351;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.26;8;0;26;CVE-2022-21352;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21358;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21362;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.36;5;7;36;CVE-2022-21367;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21367;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21368;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.7 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21370;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21372;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21374;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21378;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21379;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220121-0008/ | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21412;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21413;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21414;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21415;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.37;5;7;37;CVE-2022-21417;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21417;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21418;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21423;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21425;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.37;5;7;37;CVE-2022-21427;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21427;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21435;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21436;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21437;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21438;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21440;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.37;5;7;37;CVE-2022-21444;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21444;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.37;5;7;37;CVE-2022-21451;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21451;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21452;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.37;5;7;37;CVE-2022-21454;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21454;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21455;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21457;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21459;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.37;5;7;37;CVE-2022-21460;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21460;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21462;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21478;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21479;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220429-0005/ | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21509;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.38;5;7;38;CVE-2022-21515;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21515;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21517;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21522;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21525;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21526;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21527;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21528;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21529;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21530;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21531;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21534;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21537;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | FEDORA:FEDORA-2022-7197cef91f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | FEDORA:FEDORA-2022-9178229cd7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21538;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21539;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 5.0 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21547;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21553;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21556;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21569;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.39;5;7;39;CVE-2022-21589;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.16;8;0;16;CVE-2022-21589;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.39;5;7;39;CVE-2022-21592;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21592;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-21594;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.36;5;7;36;CVE-2022-21595;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21595;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-21599;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2022-21600;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-21604;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21605;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-21607;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.39;5;7;39;CVE-2022-21608;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-21608;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-21611;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 5.7.39;5;7;39;CVE-2022-21617;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-21617;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-21625;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-21632;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-21633;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21635;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-21637;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21638;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-21640;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2022-21641;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20211115);"None (candidate not yet proposed)";"" 1.1.3;1;1;3;CVE-2022-21687;Candidate;"gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost; plus network access from host running gh-ost to the attack's malicious MySQL server. The `-database` parameter does not properly sanitize user input which can lead to arbitrary file reads.";"CONFIRM:https://github.com/github/gh-ost/security/advisories/GHSA-rrp4-2xx3-mv29 | URL:https://github.com/github/gh-ost/security/advisories/GHSA-rrp4-2xx3-mv29 | MISC:https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f | URL:https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f";Assigned (20211116);"None (candidate not yet proposed)";"" 10.6.5;10;6;5;CVE-2022-27376;Candidate;"MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg; which is exploited via specially crafted SQL statements.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220519-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-26354 | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20220321);"None (candidate not yet proposed)";"" 10.6.3;10;6;3;CVE-2022-27377;Candidate;"MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(); which is exploited via specially crafted SQL statements.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-26281 | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20220321);"None (candidate not yet proposed)";"" 10.6.2;10;6;2;CVE-2022-27379;Candidate;"An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0005/ | MISC:https://jira.mariadb.org/browse/MDEV-26353 | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20220321);"None (candidate not yet proposed)";"" 10.6.3;10;6;3;CVE-2022-27380;Candidate;"An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-26280 | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20220321);"None (candidate not yet proposed)";"" 10.6.3;10;6;3;CVE-2022-27455;Candidate;"MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-28097";Assigned (20220321);"None (candidate not yet proposed)";"" 10.6.3;10;6;3;CVE-2022-27456;Candidate;"MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-28093 | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20220321);"None (candidate not yet proposed)";"" 10.6.3;10;6;3;CVE-2022-27457;Candidate;"MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-28098";Assigned (20220321);"None (candidate not yet proposed)";"" 10.6.3;10;6;3;CVE-2022-27458;Candidate;"MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.";"CONFIRM:https://security.netapp.com/advisory/ntap-20220526-0007/ | MISC:https://jira.mariadb.org/browse/MDEV-28099 | MLIST:[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html";Assigned (20220321);"None (candidate not yet proposed)";"" 2.1.1;2;1;1;CVE-2022-31026;Candidate;"Trilogy is a client library for MySQL. When authenticating; a malicious server could return a specially crafted authentication packet; causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers.";"CONFIRM:https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm | URL:https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm | MISC:https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962 | URL:https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962";Assigned (20220518);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2022-34968;Candidate;"An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query.";"MISC:https://jira.percona.com/browse/PS-8294";Assigned (20220704);"None (candidate not yet proposed)";"" 6.5.0;6;5;0;CVE-2022-35866;Candidate;"This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.";"FULLDISC:20240126 [Full Disclosure] CVE-2024-22901: Default MYSQL Credentials in Vinchin Backup & Recovery v7.2 and Earlier | URL:http://seclists.org/fulldisclosure/2024/Jan/30 | MISC:http://packetstormsecurity.com/files/176794/Vinchin-Backup-And-Recovery-7.2-Default-MySQL-Credentials.html | MISC:https://www.zerodayinitiative.com/advisories/ZDI-22-959/ | URL:https://www.zerodayinitiative.com/advisories/ZDI-22-959/";Assigned (20220714);"None (candidate not yet proposed)";"" 1.15.2;1;15;2;CVE-2022-39312;Candidate;"Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease; the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In `backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java`; the `MysqlConfiguration` class does not filter any parameters. If an attacker adds some parameters to a JDBC url and connects to a malicious mysql server; the attacker can trigger the mysql jdbc deserialization vulnerability. Through the deserialization vulnerability; the attacker can execute system commands and obtain server privileges. Version 1.15.2 contains a patch for this issue.";"CONFIRM:https://github.com/dataease/dataease/security/advisories/GHSA-q4qq-jhjv-7rh2 | URL:https://github.com/dataease/dataease/security/advisories/GHSA-q4qq-jhjv-7rh2 | MISC:https://github.com/dataease/dataease/commit/956ee2d6c9e81349a60aef435efc046888e10a6d | URL:https://github.com/dataease/dataease/commit/956ee2d6c9e81349a60aef435efc046888e10a6d | MISC:https://github.com/dataease/dataease/pull/3328 | URL:https://github.com/dataease/dataease/pull/3328 | MISC:https://github.com/dataease/dataease/releases/tag/v1.15.2 | URL:https://github.com/dataease/dataease/releases/tag/v1.15.2";Assigned (20220902);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-39400;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-39408;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2022-39410;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/ | FEDORA:FEDORA-2023-d332f0b6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/ | FEDORA:FEDORA-2023-e449235964 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/ | MISC:https://www.oracle.com/security-alerts/cpuoct2022.html | URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";"" 1.3.0;1;3;0;CVE-2022-40955;Candidate;"In versions of Apache InLong prior to 1.3.0; an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database; could cause this data to be deserialized by Apache InLong; potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.";"MISC:[oss-security] 20220922 CVE-2022-40955: Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC | URL:http://www.openwall.com/lists/oss-security/2022/09/22/5 | MISC:https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1 | URL:https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1";Assigned (20220919);"None (candidate not yet proposed)";"" 1.3.0;1;3;0;CVE-2022-44644;Candidate;"In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module; an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server; By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore; the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1";"MISC:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h | URL:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h";Assigned (20221103);"None (candidate not yet proposed)";"" 1.3.1;1;3;1;CVE-2022-44644;Candidate;"In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module; an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server; By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore; the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1";"MISC:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h | URL:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h";Assigned (20221103);"None (candidate not yet proposed)";"" 3.17.0;3;17;0;CVE-2022-45136;Candidate;"** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a result an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options e.g. Apache Jena TDB 2.";"MISC:https://lists.apache.org/thread/mc77cdl5stgjtjoldk467gdf756qjt31 | URL:https://lists.apache.org/thread/mc77cdl5stgjtjoldk467gdf756qjt31 | MLIST:[oss-security] 20221114 CVE-2022-45136: JDBC Deserialisation in Apache Jena SDB | URL:http://www.openwall.com/lists/oss-security/2022/11/14/5";Assigned (20221110);"None (candidate not yet proposed)";"" 10.3.33;10;3;33;CVE-2022-47015;Candidate;"MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.";"CONFIRM:https://security.netapp.com/advisory/ntap-20230309-0009/ | FEDORA:FEDORA-2023-381f23a0ae | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O22PO3Q6TRSNJI2A2WTJH3VVCHEKBF6C/ | FEDORA:FEDORA-2023-b4ff407364 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUQ33SPQCZQD63TWAM3XKFNVNFRGPFYU/ | MISC:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954 | URL:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954 | MLIST:[debian-lts-announce] 20230604 [SECURITY] [DLA 3444-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2023/06/msg00005.html";Assigned (20221212);"None (candidate not yet proposed)";"" 10.9.2;10;9;2;CVE-2022-47015;Candidate;"MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.";"CONFIRM:https://security.netapp.com/advisory/ntap-20230309-0009/ | FEDORA:FEDORA-2023-381f23a0ae | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O22PO3Q6TRSNJI2A2WTJH3VVCHEKBF6C/ | FEDORA:FEDORA-2023-b4ff407364 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUQ33SPQCZQD63TWAM3XKFNVNFRGPFYU/ | MISC:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954 | URL:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954 | MLIST:[debian-lts-announce] 20230604 [SECURITY] [DLA 3444-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2023/06/msg00005.html";Assigned (20221212);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21836;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 5.7.40;5;7;40;CVE-2023-21840;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.40 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21863;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2023-21864;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2023-21865;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.28;8;0;28;CVE-2023-21866;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21867;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21868;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21869;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21870;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21871;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.29;8;0;29;CVE-2023-21872;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21873;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2023-21874;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21875;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21876;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21877;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21878;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21879;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21880;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21881;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21882;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21883;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21887;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21911;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 5.7.41;5;7;41;CVE-2023-21912;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.41 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2023-21912;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.41 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21913;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.30;8;0;30;CVE-2023-21917;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21919;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21920;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21929;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21933;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21935;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21940;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21945;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21946;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21947;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.27;8;0;27;CVE-2023-21950;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230725-0005/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujul2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21953;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21955;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21962;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 5.7.40;5;7;40;CVE-2023-21963;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-21963;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21966;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21972;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21976;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21977;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 5.7.41;5;7;41;CVE-2023-21980;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21980;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-21982;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuapr2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.33;8;0;33;CVE-2023-22005;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230725-0005/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujul2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 5.7.41;5;7;41;CVE-2023-22007;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230725-0005/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujul2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-22007;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230725-0005/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujul2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.33;8;0;33;CVE-2023-22008;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230725-0005/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujul2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 5.7.42;5;7;42;CVE-2023-22015;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-22015;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 5.7.42;5;7;42;CVE-2023-22026;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-22026;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 5.7.43;5;7;43;CVE-2023-22028;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.43 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.31;8;0;31;CVE-2023-22028;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.43 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22032;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.1.0;8;1;0;CVE-2023-22032;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.33;8;0;33;CVE-2023-22033;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230725-0005/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujul2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.33;8;0;33;CVE-2023-22038;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230725-0005/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujul2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.33;8;0;33;CVE-2023-22046;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230725-0005/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujul2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.33;8;0;33;CVE-2023-22048;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230725-0005/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujul2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 5.7.42;5;7;42;CVE-2023-22053;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230725-0005/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujul2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.33;8;0;33;CVE-2023-22053;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230725-0005/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujul2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.33;8;0;33;CVE-2023-22054;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230725-0005/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujul2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.33;8;0;33;CVE-2023-22056;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230725-0005/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujul2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.33;8;0;33;CVE-2023-22057;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230725-0005/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujul2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.33;8;0;33;CVE-2023-22058;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20230725-0005/ | FEDORA:FEDORA-2023-492105ed08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ | FEDORA:FEDORA-2023-9ccff0b1b7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ | FEDORA:FEDORA-2023-a9283d639f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujul2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22059;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.1.0;8;1;0;CVE-2023-22059;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22064;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.33;8;0;33;CVE-2023-22065;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22066;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.1.0;8;1;0;CVE-2023-22066;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22068;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.1.0;8;1;0;CVE-2023-22068;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22070;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.1.0;8;1;0;CVE-2023-22070;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22078;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.1.0;8;1;0;CVE-2023-22078;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22079;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 5.7.43;5;7;43;CVE-2023-22084;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior; 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | FEDORA:FEDORA-2023-2eca0baace | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/ | FEDORA:FEDORA-2023-7fe02ec473 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/ | FEDORA:FEDORA-2023-bff42b29eb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html | MLIST:[debian-lts-announce] 20240127 [SECURITY] [DLA 3722-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22084;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior; 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | FEDORA:FEDORA-2023-2eca0baace | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/ | FEDORA:FEDORA-2023-7fe02ec473 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/ | FEDORA:FEDORA-2023-bff42b29eb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html | MLIST:[debian-lts-announce] 20240127 [SECURITY] [DLA 3722-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.1.0;8;1;0;CVE-2023-22084;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior; 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | FEDORA:FEDORA-2023-2eca0baace | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OR7GNQAJZ7NMHT4HRDNROR3DS272KKET/ | FEDORA:FEDORA-2023-7fe02ec473 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCGSAQFWYIJRIYLZLHPS3MRUS4AQ5JQH/ | FEDORA:FEDORA-2023-bff42b29eb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZL2AT2ZUKB6K22UTISHEZ4JKG4VZ3VO/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html | MLIST:[debian-lts-announce] 20240127 [SECURITY] [DLA 3722-1] mariadb-10.3 security update | URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00017.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22092;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 1.6.8;1;6;8;CVE-2023-22094;Candidate;"Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Installer; attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Installer accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Installer. Note: This patch is used in MySQL Server bundled version 8.0.35 and 5.7.44. CVSS 3.1 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.35;8;0;35;CVE-2023-22094;Candidate;"Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Installer; attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Installer accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Installer. Note: This patch is used in MySQL Server bundled version 8.0.35 and 5.7.44. CVSS 3.1 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 5.7.44;5;7;44;CVE-2023-22094;Candidate;"Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Installer; attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Installer accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Installer. Note: This patch is used in MySQL Server bundled version 8.0.35 and 5.7.44. CVSS 3.1 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.1.0;8;1;0;CVE-2023-22095;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). The supported version that is affected is 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22097;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.1.0;8;1;0;CVE-2023-22097;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22103;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.1.0;8;1;0;CVE-2023-22103;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.32;8;0;32;CVE-2023-22104;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.33;8;0;33;CVE-2023-22110;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.33;8;0;33;CVE-2023-22111;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22112;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.33;8;0;33;CVE-2023-22113;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2023-22114;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.1.0;8;1;0;CVE-2023-22114;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 8.0.33;8;0;33;CVE-2023-22115;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20231027-0009/ | MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpuoct2023.html";Assigned (20221217);"None (candidate not yet proposed)";"" 7.0.0;7;0;0;CVE-2023-22974;Candidate;"A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.";"MISC:https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#7.0.0_Patch_.2811.2F30.2F22.29 | MISC:https://www.sonarsource.com/blog/openemr-remote-code-execution-in-your-healthcare-system/";Assigned (20230111);"None (candidate not yet proposed)";"" 20.5.0;20;5;0;CVE-2023-28630;Candidate;"GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0; if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools; the credentials for database access may be unintentionally leaked to admin alerts on the GoCD user interface. The vulnerability is triggered only if the GoCD server host is misconfigured to have backups enabled; but does not have access to the `pg_dump` or `mysqldump` utility tools to backup the configured database type (PostgreSQL or MySQL respectively). In such cases; failure to launch the expected backup utility reports the shell environment used to attempt to launch in the server admin alert; which includes the plaintext database password supplied to the configured tool. This vulnerability does not affect backups of the default on-disk H2 database that GoCD is configured to use. This issue has been addressed and fixed in GoCD 23.1.0. Users are advised to upgrade. Users unable to upgrade may disable backups; or administrators should ensure that the required `pg_dump` (PostgreSQL) or `mysqldump` (MySQL) binaries are available on the GoCD server when backups are triggered.";"MISC:https://github.com/gocd/gocd/commit/6545481e7b36817dd6033bf614585a8db242070d | URL:https://github.com/gocd/gocd/commit/6545481e7b36817dd6033bf614585a8db242070d | MISC:https://github.com/gocd/gocd/releases/tag/23.1.0 | URL:https://github.com/gocd/gocd/releases/tag/23.1.0 | MISC:https://github.com/gocd/gocd/security/advisories/GHSA-p95w-gh78-qjmv | URL:https://github.com/gocd/gocd/security/advisories/GHSA-p95w-gh78-qjmv | MISC:https://www.gocd.org/releases/#23-1-0 | URL:https://www.gocd.org/releases/#23-1-0";Assigned (20230320);"None (candidate not yet proposed)";"" 23.1.0;23;1;0;CVE-2023-28630;Candidate;"GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0; if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools; the credentials for database access may be unintentionally leaked to admin alerts on the GoCD user interface. The vulnerability is triggered only if the GoCD server host is misconfigured to have backups enabled; but does not have access to the `pg_dump` or `mysqldump` utility tools to backup the configured database type (PostgreSQL or MySQL respectively). In such cases; failure to launch the expected backup utility reports the shell environment used to attempt to launch in the server admin alert; which includes the plaintext database password supplied to the configured tool. This vulnerability does not affect backups of the default on-disk H2 database that GoCD is configured to use. This issue has been addressed and fixed in GoCD 23.1.0. Users are advised to upgrade. Users unable to upgrade may disable backups; or administrators should ensure that the required `pg_dump` (PostgreSQL) or `mysqldump` (MySQL) binaries are available on the GoCD server when backups are triggered.";"MISC:https://github.com/gocd/gocd/commit/6545481e7b36817dd6033bf614585a8db242070d | URL:https://github.com/gocd/gocd/commit/6545481e7b36817dd6033bf614585a8db242070d | MISC:https://github.com/gocd/gocd/releases/tag/23.1.0 | URL:https://github.com/gocd/gocd/releases/tag/23.1.0 | MISC:https://github.com/gocd/gocd/security/advisories/GHSA-p95w-gh78-qjmv | URL:https://github.com/gocd/gocd/security/advisories/GHSA-p95w-gh78-qjmv | MISC:https://www.gocd.org/releases/#23-1-0 | URL:https://www.gocd.org/releases/#23-1-0";Assigned (20230320);"None (candidate not yet proposed)";"" 16.0.2;16;0;2;CVE-2023-29195;Candidate;"Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2; users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on; anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2; corresponding to version 0.16.2 of the `go` module; contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards; instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server.";"MISC:https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920 | URL:https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920 | MISC:https://github.com/vitessio/vitess/issues/12842 | URL:https://github.com/vitessio/vitess/issues/12842 | MISC:https://github.com/vitessio/vitess/pull/12843 | URL:https://github.com/vitessio/vitess/pull/12843 | MISC:https://github.com/vitessio/vitess/releases/tag/v16.0.2 | URL:https://github.com/vitessio/vitess/releases/tag/v16.0.2 | MISC:https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w | URL:https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w | MISC:https://pkg.go.dev/vitess.io/vitess@v0.16.2 | URL:https://pkg.go.dev/vitess.io/vitess@v0.16.2";Assigned (20230403);"None (candidate not yet proposed)";"" 0.16.2;0;16;2;CVE-2023-29195;Candidate;"Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2; users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on; anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2; corresponding to version 0.16.2 of the `go` module; contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards; instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server.";"MISC:https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920 | URL:https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920 | MISC:https://github.com/vitessio/vitess/issues/12842 | URL:https://github.com/vitessio/vitess/issues/12842 | MISC:https://github.com/vitessio/vitess/pull/12843 | URL:https://github.com/vitessio/vitess/pull/12843 | MISC:https://github.com/vitessio/vitess/releases/tag/v16.0.2 | URL:https://github.com/vitessio/vitess/releases/tag/v16.0.2 | MISC:https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w | URL:https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w | MISC:https://pkg.go.dev/vitess.io/vitess@v0.16.2 | URL:https://pkg.go.dev/vitess.io/vitess@v0.16.2";Assigned (20230403);"None (candidate not yet proposed)";"" 0.3.0;0;3;0;CVE-2023-31847;Candidate;"In davinci 0.3.0-rc after logging in; the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.";"MISC:https://github.com/edp963/davinci/issues/2326";Assigned (20230429);"None (candidate not yet proposed)";"" 21.0.5;21;0;5;CVE-2023-34362;Candidate;"In Progress MOVEit Transfer before 2021.0.6 (13.0.6); 2021.1.4 (13.1.4); 2022.0.4 (14.0.4); 2022.1.5 (14.1.5); and 2023.0.1 (15.0.1); a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g.; 2020.0 and 2019x) before the five explicitly mentioned versions are affected; including older unsupported versions.";"MISC:http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html | MISC:http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html | MISC:https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023";Assigned (20230602);"None (candidate not yet proposed)";"" 13.0.5;13;0;5;CVE-2023-34362;Candidate;"In Progress MOVEit Transfer before 2021.0.6 (13.0.6); 2021.1.4 (13.1.4); 2022.0.4 (14.0.4); 2022.1.5 (14.1.5); and 2023.0.1 (15.0.1); a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g.; 2020.0 and 2019x) before the five explicitly mentioned versions are affected; including older unsupported versions.";"MISC:http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html | MISC:http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html | MISC:https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023";Assigned (20230602);"None (candidate not yet proposed)";"" 21.1.3;21;1;3;CVE-2023-34362;Candidate;"In Progress MOVEit Transfer before 2021.0.6 (13.0.6); 2021.1.4 (13.1.4); 2022.0.4 (14.0.4); 2022.1.5 (14.1.5); and 2023.0.1 (15.0.1); a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g.; 2020.0 and 2019x) before the five explicitly mentioned versions are affected; including older unsupported versions.";"MISC:http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html | MISC:http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html | MISC:https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023";Assigned (20230602);"None (candidate not yet proposed)";"" 13.1.3;13;1;3;CVE-2023-34362;Candidate;"In Progress MOVEit Transfer before 2021.0.6 (13.0.6); 2021.1.4 (13.1.4); 2022.0.4 (14.0.4); 2022.1.5 (14.1.5); and 2023.0.1 (15.0.1); a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g.; 2020.0 and 2019x) before the five explicitly mentioned versions are affected; including older unsupported versions.";"MISC:http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html | MISC:http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html | MISC:https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023";Assigned (20230602);"None (candidate not yet proposed)";"" 22.0.3;22;0;3;CVE-2023-34362;Candidate;"In Progress MOVEit Transfer before 2021.0.6 (13.0.6); 2021.1.4 (13.1.4); 2022.0.4 (14.0.4); 2022.1.5 (14.1.5); and 2023.0.1 (15.0.1); a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g.; 2020.0 and 2019x) before the five explicitly mentioned versions are affected; including older unsupported versions.";"MISC:http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html | MISC:http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html | MISC:https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023";Assigned (20230602);"None (candidate not yet proposed)";"" 14.0.3;14;0;3;CVE-2023-34362;Candidate;"In Progress MOVEit Transfer before 2021.0.6 (13.0.6); 2021.1.4 (13.1.4); 2022.0.4 (14.0.4); 2022.1.5 (14.1.5); and 2023.0.1 (15.0.1); a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g.; 2020.0 and 2019x) before the five explicitly mentioned versions are affected; including older unsupported versions.";"MISC:http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html | MISC:http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html | MISC:https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023";Assigned (20230602);"None (candidate not yet proposed)";"" 22.1.4;22;1;4;CVE-2023-34362;Candidate;"In Progress MOVEit Transfer before 2021.0.6 (13.0.6); 2021.1.4 (13.1.4); 2022.0.4 (14.0.4); 2022.1.5 (14.1.5); and 2023.0.1 (15.0.1); a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g.; 2020.0 and 2019x) before the five explicitly mentioned versions are affected; including older unsupported versions.";"MISC:http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html | MISC:http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html | MISC:https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023";Assigned (20230602);"None (candidate not yet proposed)";"" 14.1.4;14;1;4;CVE-2023-34362;Candidate;"In Progress MOVEit Transfer before 2021.0.6 (13.0.6); 2021.1.4 (13.1.4); 2022.0.4 (14.0.4); 2022.1.5 (14.1.5); and 2023.0.1 (15.0.1); a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g.; 2020.0 and 2019x) before the five explicitly mentioned versions are affected; including older unsupported versions.";"MISC:http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html | MISC:http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html | MISC:https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023";Assigned (20230602);"None (candidate not yet proposed)";"" 23.0.0;23;0;0;CVE-2023-34362;Candidate;"In Progress MOVEit Transfer before 2021.0.6 (13.0.6); 2021.1.4 (13.1.4); 2022.0.4 (14.0.4); 2022.1.5 (14.1.5); and 2023.0.1 (15.0.1); a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g.; 2020.0 and 2019x) before the five explicitly mentioned versions are affected; including older unsupported versions.";"MISC:http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html | MISC:http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html | MISC:https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023";Assigned (20230602);"None (candidate not yet proposed)";"" 15.0.0;15;0;0;CVE-2023-34362;Candidate;"In Progress MOVEit Transfer before 2021.0.6 (13.0.6); 2021.1.4 (13.1.4); 2022.0.4 (14.0.4); 2022.1.5 (14.1.5); and 2023.0.1 (15.0.1); a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL; Microsoft SQL Server; or Azure SQL); an attacker may be able to infer information about the structure and contents of the database; and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g.; 2020.0 and 2019x) before the five explicitly mentioned versions are affected; including older unsupported versions.";"MISC:http://packetstormsecurity.com/files/172883/MOVEit-Transfer-SQL-Injection-Remote-Code-Execution.html | MISC:http://packetstormsecurity.com/files/173110/MOVEit-SQL-Injection.html | MISC:https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023";Assigned (20230602);"None (candidate not yet proposed)";"" 2.37.0;2;37;0;CVE-2023-34409;Candidate;"In Percona Monitoring and Management (PMM) server 2.x before 2.37.1; the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user; when a crafted POST request is made against unauthenticated API routes; to access otherwise protected API routes leading to escalation of privileges and information disclosure.";"MISC:https://www.percona.com/blog/pmm-authentication-bypass-vulnerability-fixed-in-2-37-1/";Assigned (20230605);"None (candidate not yet proposed)";"" 14.49.0;14;49;0;CVE-2023-46127;Candidate;"Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0.";"MISC:https://github.com/frappe/frappe/commit/3dc5d2fcc7561dde181ba953009fe6e39d64e900 | URL:https://github.com/frappe/frappe/commit/3dc5d2fcc7561dde181ba953009fe6e39d64e900 | MISC:https://github.com/frappe/frappe/pull/22339 | URL:https://github.com/frappe/frappe/pull/22339 | MISC:https://github.com/frappe/frappe/security/advisories/GHSA-j2w9-8xrr-7g98 | URL:https://github.com/frappe/frappe/security/advisories/GHSA-j2w9-8xrr-7g98";Assigned (20231016);"None (candidate not yet proposed)";"" 8.0.35;8;0;35;CVE-2024-20961;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.2.0;8;2;0;CVE-2024-20961;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.0.35;8;0;35;CVE-2024-20963;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.2.0;8;2;0;CVE-2024-20963;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.0.35;8;0;35;CVE-2024-20965;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.2.0;8;2;0;CVE-2024-20965;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.0.35;8;0;35;CVE-2024-20967;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.2.0;8;2;0;CVE-2024-20967;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.0.35;8;0;35;CVE-2024-20969;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.2.0;8;2;0;CVE-2024-20969;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.0.35;8;0;35;CVE-2024-20971;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.2.0;8;2;0;CVE-2024-20971;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.0.35;8;0;35;CVE-2024-20973;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.2.0;8;2;0;CVE-2024-20973;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.2.0;8;2;0;CVE-2024-20975;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.0.35;8;0;35;CVE-2024-20977;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.2.0;8;2;0;CVE-2024-20977;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.0.35;8;0;35;CVE-2024-20981;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.2.0;8;2;0;CVE-2024-20981;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.0.34;8;0;34;CVE-2024-20983;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.0.35;8;0;35;CVE-2024-20985;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";"" 8.2.0;8;2;0;CVE-2024-20985;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MISC:Oracle Advisory | URL:https://www.oracle.com/security-alerts/cpujan2024.html";Assigned (20231207);"None (candidate not yet proposed)";""