Errata ALT-PU-2015-1749-1: Information
Fixes
Published: Jan. 31, 2014
BDU:2014-00338
Уязвимость системы управления базами данных MySQL, позволяющая злоумышленнику вызвать отказ в обслуживании
Severity: HIGH (7.5)
Links:
Published: Jan. 31, 2014
BDU:2014-00339
Уязвимость системы управления базами данных Marida DB, позволяющая злоумышленнику вызвать отказ в обслуживании
Severity: HIGH (7.5)
Links:
Published: April 15, 2014
BDU:2014-00340
Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных
Severity: MEDIUM (4.0)
Links:
Published: April 15, 2014
BDU:2014-00341
Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных
Severity: MEDIUM (4.0)
Links:
Published: April 15, 2014
BDU:2014-00343
Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных
Severity: LOW (3.5)
Links:
Published: April 15, 2014
BDU:2014-00345
Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных
Severity: MEDIUM (4.3)
Links:
Published: Jan. 15, 2014
BDU:2014-00346
Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных
Severity: LOW (2.8)
Links:
Published: April 15, 2014
BDU:2014-00350
Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных
Severity: MEDIUM (6.0)
Links:
Published: April 15, 2014
BDU:2014-00351
Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных
Severity: LOW (2.8)
Links:
Published: April 15, 2014
BDU:2014-00352
Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных
Severity: LOW (3.5)
Links:
Published: Jan. 15, 2014
BDU:2014-00353
Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных
Severity: MEDIUM (4.0)
Links:
Published: April 15, 2014
BDU:2014-00354
Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных
Severity: LOW (2.6)
Links:
Published: Jan. 15, 2014
BDU:2014-00356
Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных
Severity: LOW (3.5)
Links:
Published: Jan. 15, 2014
BDU:2014-00357
Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных
Severity: MEDIUM (4.0)
Links:
Published: Jan. 15, 2014
BDU:2014-00361
Уязвимость системы управления базами данных MySQL, позволяющая удаленным пользователям, прошедшим аутентификацию, оказать воздействие на доступность данных
Severity: LOW (2.6)
Links:
Published: April 16, 2015
BDU:2015-09979
Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю, прошедшим аутентификацию, нарушить доступность данных
Severity: MEDIUM (5.7)
Links:
Published: April 16, 2015
BDU:2015-09981
Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.0)
Links:
Published: April 16, 2015
BDU:2015-09982
Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.0)
Links:
Published: April 16, 2015
BDU:2015-09986
Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.0)
Links:
Published: April 16, 2015
BDU:2015-09988
Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.0)
Links:
Published: April 16, 2015
BDU:2015-09991
Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.0)
Links:
Published: April 16, 2015
BDU:2015-09993
Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю вызвать отказ в обслуживании
Severity: LOW (3.5)
Links:
Published: April 16, 2015
BDU:2015-09994
Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю вызвать отказ в обслуживании
Severity: LOW (3.5)
Links:
Published: July 14, 2015
BDU:2015-11050
Уязвимость системы управления базами данных MySQL, позволяющая нарушителю нарушить доступность защищаемой информации
Severity: MEDIUM (4.0)
Links:
Published: July 14, 2015
BDU:2015-11052
Уязвимость системы управления базами данных MySQL, позволяющая нарушителю нарушить доступность защищаемой информации
Severity: LOW (3.5)
Links:
Published: Oct. 22, 2015
BDU:2015-11860
Уязвимость системы управления базами данных MySQL, позволяющая нарушителю получить доступ к системе управления базами данных или выполнить произвольный код
Severity: MEDIUM (4.6)
Links:
Published: Oct. 22, 2015
BDU:2015-11874
Уязвимость системы управления базами данных MySQL, позволяющая нарушителю изменять данные
Severity: LOW (3.5)
Links:
Published: Oct. 22, 2015
BDU:2015-11909
Уязвимость системы управления базами данных MySQL, позволяющая нарушителю получить доступ к MySQL Server или выполнить произвольный код
Severity: HIGH (7.2)
Links:
Published: Oct. 22, 2015
BDU:2015-11911
Уязвимость системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.0)
Links:
Published: July 16, 2015
BDU:2015-12154
Уязвимость системы управления базами данных MySQL, позволяющая нарушителю нарушить доступность информации
Severity: MEDIUM (4.0)
Links:
Published: Jan. 16, 2019
BDU:2019-00640
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 16, 2019
BDU:2019-01602
Уязвимость компонента Server: Replication системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.4) Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 16, 2019
BDU:2019-01656
Уязвимость компонента Server: Security: Privileges системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 16, 2019
BDU:2019-03233
Уязвимость подкомпонента Server : Pluggable Auth компонента MySQL Server системы управления базами данных Oracle MySQL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.0)
Links:
Published: July 16, 2019
BDU:2019-03235
Уязвимость подкомпонента Server: Security: Privileges компонента MySQL Server системы управления базами данных Oracle MySQL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.1) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
Published: July 16, 2019
BDU:2019-03236
Уязвимость подкомпонента Server: XML компонента MySQL Server системы управления базами данных Oracle MySQL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 15, 2019
BDU:2019-03900
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 14, 2020
BDU:2020-00431
Уязвимость компонента C API системы управления базами данных MySQL Client, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 23, 2019
BDU:2020-01528
Уязвимость компонента Server: Parser системы управления базами данных MySQL ,позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 14, 2020
BDU:2020-02584
Уязвимость компонента C API системы управления базами данных MySQL Client, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: LOW (3.7) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Links:
Published: April 12, 2020
BDU:2020-02644
Уязвимость компонента C API системы управления базами данных MySQL Client, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.3) Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 12, 2020
BDU:2020-02647
Уязвимость компонента Server: DML системы управления базами данных MySQL Client, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 12, 2020
BDU:2020-02648
Уязвимость компонента Server: Stored Procedure системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2021
BDU:2021-00422
Уязвимость компонента C API системы управления базами данных MySQL Client, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: LOW (3.7) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Links:
Published: April 20, 2021
BDU:2021-02455
Уязвимость компонента Server: Parser системы управления базами данных Oracle MySQL Server, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.2) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 14, 2005
Modified: Aug. 5, 2022
Modified: Aug. 5, 2022
CVE-2005-0004
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
Severity: MEDIUM (4.6)
Links:
Published: Jan. 15, 2014
Modified: Sept. 29, 2022
Modified: Sept. 29, 2022
CVE-2013-5908
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.
Severity: LOW (2.6)
Links:
Published: Feb. 1, 2014
Modified: Dec. 17, 2019
Modified: Dec. 17, 2019
CVE-2014-0001
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
Severity: HIGH (7.5)
Links:
- http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
- https://bugzilla.redhat.com/show_bug.cgi?id=1054592
- 102713
- 102714
- https://mariadb.com/kb/en/mariadb-5535-changelog/
- RHSA-2014:0189
- RHSA-2014:0164
- RHSA-2014:0186
- RHSA-2014:0173
- MDVSA-2014:029
- 65298
- GLSA-201409-04
- mysql-cve20140001-bo(90901)
- 1029708
- 52161
Published: April 16, 2014
Modified: Aug. 29, 2022
Modified: Aug. 29, 2022
CVE-2014-0384
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.
Severity: MEDIUM (4.0)
Links:
Published: Jan. 15, 2014
Modified: Sept. 16, 2022
Modified: Sept. 16, 2022
CVE-2014-0401
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.
Severity: MEDIUM (4.0)
Links:
Published: Jan. 15, 2014
Modified: Aug. 29, 2022
Modified: Aug. 29, 2022
CVE-2014-0412
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Severity: MEDIUM (4.0)
Links:
Published: Jan. 15, 2014
Modified: Sept. 21, 2022
Modified: Sept. 21, 2022
CVE-2014-0420
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.
Severity: LOW (2.8)
Links:
Published: Jan. 15, 2014
Modified: Sept. 16, 2022
Modified: Sept. 16, 2022
CVE-2014-0437
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Severity: LOW (3.5)
Links:
Published: April 16, 2014
Modified: Aug. 29, 2022
Modified: Aug. 29, 2022
CVE-2014-2419
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
Severity: MEDIUM (4.0)
Links:
Published: April 16, 2014
Modified: Sept. 16, 2022
Modified: Sept. 16, 2022
CVE-2014-2430
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.
Severity: LOW (3.5)
Links:
Published: April 16, 2014
Modified: Sept. 29, 2022
Modified: Sept. 29, 2022
CVE-2014-2431
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.
Severity: LOW (2.6)
Links:
Published: April 16, 2014
Modified: Sept. 21, 2022
Modified: Sept. 21, 2022
CVE-2014-2432
Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.
Severity: LOW (2.8)
Links:
Published: April 16, 2014
Modified: July 19, 2022
Modified: July 19, 2022
CVE-2014-2436
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.
Severity: MEDIUM (6.5)
Links:
Published: April 16, 2014
Modified: Sept. 16, 2022
Modified: Sept. 16, 2022
CVE-2014-2438
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
Severity: LOW (3.5)
Links:
Published: April 16, 2014
Modified: Aug. 4, 2022
Modified: Aug. 4, 2022
CVE-2014-2440
Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Severity: MEDIUM (5.1)
Links:
Published: July 17, 2014
Modified: Aug. 26, 2022
Modified: Aug. 26, 2022
CVE-2014-2494
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.
Severity: MEDIUM (4.0)
Links:
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- DSA-2985
- SUSE-SU-2014:1072
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- SUSE-SU-2015:0743
- 1030578
- 60425
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
Published: July 17, 2014
Modified: Aug. 26, 2022
Modified: Aug. 26, 2022
CVE-2014-4207
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.
Severity: MEDIUM (4.0)
Links:
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- 68593
- DSA-2985
- SUSE-SU-2014:1072
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- SUSE-SU-2015:0743
- 1030578
- 60425
- oracle-cpujul2014-cve20144207(94624)
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
Published: July 17, 2014
Modified: Sept. 21, 2022
Modified: Sept. 21, 2022
CVE-2014-4243
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.
Severity: LOW (2.8)
Links:
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- 68611
- SUSE-SU-2014:1072
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- 1030578
- 60425
- oracle-cpujul2014-cve20144243(94628)
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
Published: July 17, 2014
Modified: July 18, 2022
Modified: July 18, 2022
CVE-2014-4258
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
Severity: MEDIUM (6.5)
Links:
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- 68564
- DSA-2985
- SUSE-SU-2014:1072
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- SUSE-SU-2015:0743
- 1030578
- 60425
- oracle-cpujul2014-cve20144258(94620)
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
Published: July 17, 2014
Modified: July 19, 2022
Modified: July 19, 2022
CVE-2014-4260
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.
Severity: MEDIUM (5.5)
Links:
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- 68573
- DSA-2985
- SUSE-SU-2014:1072
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- SUSE-SU-2015:0743
- 1030578
- 60425
- oracle-cpujul2014-cve20144260(94621)
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
Published: Oct. 15, 2014
Modified: Aug. 29, 2022
Modified: Aug. 29, 2022
CVE-2014-4274
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.
Severity: MEDIUM (4.1)
Links:
Published: Oct. 15, 2014
Modified: Aug. 26, 2022
Modified: Aug. 26, 2022
CVE-2014-4287
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.
Severity: MEDIUM (4.0)
Links:
Published: Oct. 15, 2014
Modified: Sept. 20, 2022
Modified: Sept. 20, 2022
CVE-2014-6463
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.
Severity: LOW (3.3)
Links:
Published: Oct. 15, 2014
Modified: Aug. 26, 2022
Modified: Aug. 26, 2022
CVE-2014-6464
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.
Severity: MEDIUM (4.0)
Links:
Published: Oct. 15, 2014
Modified: June 30, 2022
Modified: June 30, 2022
CVE-2014-6469
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.
Severity: MEDIUM (6.8)
Links:
Published: Oct. 15, 2014
Modified: Aug. 29, 2022
Modified: Aug. 29, 2022
CVE-2014-6478
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.
Severity: MEDIUM (4.3)
Links:
Published: Oct. 15, 2014
Modified: Aug. 26, 2022
Modified: Aug. 26, 2022
CVE-2014-6484
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.
Severity: MEDIUM (4.0)
Links:
Published: Oct. 16, 2014
Modified: July 1, 2022
Modified: July 1, 2022
CVE-2014-6491
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.
Severity: HIGH (7.5)
Links:
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- 61579
- 70444
- GLSA-201411-02
- 62073
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- SUSE-SU-2015:0743
Published: Oct. 16, 2014
Modified: Aug. 29, 2022
Modified: Aug. 29, 2022
CVE-2014-6494
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.
Severity: MEDIUM (4.3)
Links:
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- 70497
- 61579
- GLSA-201411-02
- 62073
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- SUSE-SU-2015:0743
Published: Oct. 16, 2014
Modified: Aug. 29, 2022
Modified: Aug. 29, 2022
CVE-2014-6495
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.
Severity: MEDIUM (4.3)
Links:
Published: Oct. 16, 2014
Modified: Aug. 29, 2022
Modified: Aug. 29, 2022
CVE-2014-6496
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.
Severity: MEDIUM (4.3)
Links:
Published: Oct. 16, 2014
Modified: July 1, 2022
Modified: July 1, 2022
CVE-2014-6500
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.
Severity: HIGH (7.5)
Links:
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- 61579
- 70478
- GLSA-201411-02
- 62073
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- SUSE-SU-2015:0743
Published: Oct. 16, 2014
Modified: Aug. 26, 2022
Modified: Aug. 26, 2022
CVE-2014-6505
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.
Severity: MEDIUM (4.0)
Links:
Published: Oct. 16, 2014
Modified: Aug. 29, 2022
Modified: Aug. 29, 2022
CVE-2014-6507
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.
Severity: MEDIUM (4.3)
Links:
Published: Oct. 16, 2014
Modified: Aug. 26, 2022
Modified: Aug. 26, 2022
CVE-2014-6520
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.
Severity: MEDIUM (4.0)
Links:
Published: Oct. 16, 2014
Modified: July 18, 2022
Modified: July 18, 2022
CVE-2014-6530
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.
Severity: MEDIUM (6.5)
Links:
Published: Oct. 16, 2014
Modified: Sept. 16, 2022
Modified: Sept. 16, 2022
CVE-2014-6551
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.
Severity: LOW (2.1)
Links:
Published: Oct. 16, 2014
Modified: July 18, 2022
Modified: July 18, 2022
CVE-2014-6555
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.
Severity: MEDIUM (6.5)
Links:
Published: Oct. 16, 2014
Modified: Aug. 29, 2022
Modified: Aug. 29, 2022
CVE-2014-6559
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.
Severity: MEDIUM (4.3)
Links:
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- 61579
- 70487
- GLSA-201411-02
- 62073
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- SUSE-SU-2015:0743
Published: Jan. 21, 2015
Modified: Sept. 16, 2022
Modified: Sept. 16, 2022
CVE-2014-6568
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.
Severity: LOW (3.5)
Links:
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- 72210
- 62732
- 62730
- 62728
- 1031581
- FEDORA-2015-1162
- USN-2480-1
- DSA-3135
- RHSA-2015:0116
- RHSA-2015:0117
- RHSA-2015:0118
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- GLSA-201504-05
- RHSA-2015:1628
- SUSE-SU-2015:0743
Published: Jan. 21, 2015
Modified: Sept. 20, 2022
Modified: Sept. 20, 2022
CVE-2015-0374
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.
Severity: LOW (3.5)
Links:
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- 72227
- 62732
- 62730
- 62728
- 1031581
- FEDORA-2015-1162
- USN-2480-1
- DSA-3135
- RHSA-2015:0116
- RHSA-2015:0117
- RHSA-2015:0118
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- GLSA-201504-05
- RHSA-2015:1628
- SUSE-SU-2015:0743
- oracle-cpujan2015-cve20150374(100191)
Published: Jan. 21, 2015
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2015-0381
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.
Severity: MEDIUM (4.3)
Links:
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- 72214
- 62732
- 62730
- 62728
- 1031581
- FEDORA-2015-1162
- USN-2480-1
- DSA-3135
- RHSA-2015:0116
- RHSA-2015:0117
- RHSA-2015:0118
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- GLSA-201504-05
- RHSA-2015:1628
- SUSE-SU-2015:0743
- oracle-cpujan2015-cve20150381(100185)
Published: Jan. 21, 2015
Modified: Aug. 30, 2022
Modified: Aug. 30, 2022
CVE-2015-0382
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.
Severity: MEDIUM (4.3)
Links:
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- 72200
- 62732
- 62730
- 62728
- 1031581
- FEDORA-2015-1162
- USN-2480-1
- DSA-3135
- RHSA-2015:0116
- RHSA-2015:0117
- RHSA-2015:0118
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- GLSA-201504-05
- RHSA-2015:1628
- SUSE-SU-2015:0743
- oracle-cpujan2015-cve20150382(100184)
Published: Jan. 21, 2015
Modified: Aug. 26, 2022
Modified: Aug. 26, 2022
CVE-2015-0391
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
Severity: MEDIUM (4.0)
Links:
Published: Jan. 21, 2015
Modified: July 1, 2022
Modified: July 1, 2022
CVE-2015-0411
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.
Severity: HIGH (7.5)
Links:
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- 62732
- 62730
- 62728
- 1031581
- FEDORA-2015-1162
- USN-2480-1
- DSA-3135
- RHSA-2015:0116
- RHSA-2015:0117
- RHSA-2015:0118
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- GLSA-201504-05
- RHSA-2015:1628
- 72191
- SUSE-SU-2015:0743
- oracle-cpujan2015-cve20150411(100183)
Published: Jan. 21, 2015
Modified: Aug. 29, 2022
Modified: Aug. 29, 2022
CVE-2015-0432
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.
Severity: MEDIUM (4.0)
Links:
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- 62732
- 62730
- 62728
- 1031581
- FEDORA-2015-1162
- USN-2480-1
- DSA-3135
- RHSA-2015:0116
- RHSA-2015:0117
- RHSA-2015:0118
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- GLSA-201504-05
- RHSA-2015:1628
- 72217
- SUSE-SU-2015:0743
- oracle-cpujan2015-cve20150432(100187)
Published: April 16, 2015
Modified: Aug. 26, 2022
Modified: Aug. 26, 2022
CVE-2015-0433
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.
Severity: MEDIUM (4.0)
Links:
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- SUSE-SU-2015:0946
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- GLSA-201507-19
- RHSA-2015:1629
- RHSA-2015:1628
- USN-2575-1
- 1032121
- DSA-3229
- DSA-3311
- RHSA-2015:1665
- RHSA-2015:1647
Published: April 16, 2015
Modified: Aug. 26, 2022
Modified: Aug. 26, 2022
CVE-2015-0441
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.
Severity: MEDIUM (4.0)
Links:
Published: April 16, 2015
Modified: Sept. 20, 2022
Modified: Sept. 20, 2022
CVE-2015-0499
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.
Severity: LOW (3.5)
Links:
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/
- MDVSA-2015:227
- SUSE-SU-2015:0946
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- GLSA-201507-19
- RHSA-2015:1629
- RHSA-2015:1628
- USN-2575-1
- 1032121
- DSA-3229
- DSA-3311
- RHSA-2015:1665
- RHSA-2015:1647
Published: April 16, 2015
Modified: July 19, 2022
Modified: July 19, 2022
CVE-2015-0501
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.
Severity: MEDIUM (5.7)
Links:
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/
- MDVSA-2015:227
- SUSE-SU-2015:0946
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
- GLSA-201507-19
- RHSA-2015:1629
- RHSA-2015:1628
- USN-2575-1
- 1032121
- DSA-3229
- DSA-3311
- RHSA-2015:1665
- RHSA-2015:1647
Published: April 16, 2015
Modified: Sept. 16, 2022
Modified: Sept. 16, 2022
CVE-2015-0505
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
Severity: LOW (3.5)
Links:
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/
- MDVSA-2015:227
- SUSE-SU-2015:0946
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- GLSA-201507-19
- RHSA-2015:1629
- RHSA-2015:1628
- USN-2575-1
- 1032121
- 74112
- DSA-3229
- DSA-3311
- RHSA-2015:1665
- RHSA-2015:1647
Published: Jan. 14, 2020
Modified: Aug. 5, 2022
Modified: Aug. 5, 2022
CVE-2015-2325
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: April 16, 2015
Modified: Aug. 4, 2022
Modified: Aug. 4, 2022
CVE-2015-2568
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.
Severity: MEDIUM (5.0)
Links:
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- SUSE-SU-2015:0946
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- GLSA-201507-19
- RHSA-2015:1629
- RHSA-2015:1628
- USN-2575-1
- 1032121
- 74073
- DSA-3229
- DSA-3311
- RHSA-2015:1665
- RHSA-2015:1647
Published: April 16, 2015
Modified: Sept. 9, 2022
Modified: Sept. 9, 2022
CVE-2015-2571
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
Severity: MEDIUM (4.0)
Links:
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/
- MDVSA-2015:227
- SUSE-SU-2015:0946
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- GLSA-201507-19
- RHSA-2015:1629
- RHSA-2015:1628
- USN-2575-1
- 1032121
- 74095
- DSA-3229
- DSA-3311
- RHSA-2015:1665
- RHSA-2015:1647
Published: April 16, 2015
Modified: Sept. 9, 2022
Modified: Sept. 9, 2022
CVE-2015-2573
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
Severity: MEDIUM (4.0)
Links:
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- SUSE-SU-2015:0946
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- GLSA-201507-19
- RHSA-2015:1629
- RHSA-2015:1628
- USN-2575-1
- 1032121
- 74078
- DSA-3229
- DSA-3311
- RHSA-2015:1665
- RHSA-2015:1647
Published: July 16, 2015
Modified: Sept. 9, 2022
Modified: Sept. 9, 2022
CVE-2015-2582
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
Severity: MEDIUM (4.0)
Links:
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- USN-2674-1
- RHSA-2015:1630
- DSA-3308
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 75751
- RHSA-2015:1629
- RHSA-2015:1628
- openSUSE-SU-2015:1629
- GLSA-201610-06
- 1032911
- DSA-3311
- RHSA-2015:1665
- RHSA-2015:1647
- RHSA-2015:1646
Published: July 16, 2015
Modified: Aug. 29, 2022
Modified: Aug. 29, 2022
CVE-2015-2620
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.
Severity: MEDIUM (4.3)
Links:
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- USN-2674-1
- RHSA-2015:1630
- DSA-3308
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 75837
- RHSA-2015:1629
- RHSA-2015:1628
- openSUSE-SU-2015:1629
- GLSA-201610-06
- 1032911
- RHSA-2015:1665
- RHSA-2015:1647
- RHSA-2015:1646
Published: July 16, 2015
Modified: Sept. 8, 2022
Modified: Sept. 8, 2022
CVE-2015-2643
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
Severity: MEDIUM (4.0)
Links:
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- USN-2674-1
- RHSA-2015:1630
- DSA-3308
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 75830
- RHSA-2015:1629
- RHSA-2015:1628
- openSUSE-SU-2015:1629
- GLSA-201610-06
- 1032911
- DSA-3311
- RHSA-2015:1665
- RHSA-2015:1647
- RHSA-2015:1646
Published: July 16, 2015
Modified: Sept. 8, 2022
Modified: Sept. 8, 2022
CVE-2015-2648
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Severity: MEDIUM (4.0)
Links:
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- USN-2674-1
- RHSA-2015:1630
- DSA-3308
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 75822
- RHSA-2015:1629
- RHSA-2015:1628
- openSUSE-SU-2015:1629
- GLSA-201610-06
- 1032911
- DSA-3311
- RHSA-2015:1665
- RHSA-2015:1647
- RHSA-2015:1646
Published: May 16, 2016
Modified: Aug. 29, 2022
Modified: Aug. 29, 2022
CVE-2015-3152
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Links:
- http://www.ocert.org/advisories/ocert-2015-003.html
- https://jira.mariadb.org/browse/MDEV-7937
- https://www.duosecurity.com/blog/backronym-mysql-vulnerability
- https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390
- http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/
- http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/
- https://access.redhat.com/security/cve/cve-2015-3152
- 1032216
- http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html
- 74398
- FEDORA-2015-10831
- FEDORA-2015-10849
- DSA-3311
- RHSA-2015:1665
- RHSA-2015:1647
- RHSA-2015:1646
- 20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade
Published: July 16, 2015
Modified: Sept. 8, 2022
Modified: Sept. 8, 2022
CVE-2015-4752
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.
Severity: MEDIUM (4.0)
Links:
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- USN-2674-1
- RHSA-2015:1630
- DSA-3308
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 75849
- RHSA-2015:1629
- RHSA-2015:1628
- openSUSE-SU-2015:1629
- GLSA-201610-06
- 1032911
- DSA-3311
- RHSA-2015:1665
- RHSA-2015:1647
- RHSA-2015:1646
Published: July 16, 2015
Modified: Sept. 20, 2022
Modified: Sept. 20, 2022
CVE-2015-4757
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
Severity: LOW (3.5)
Links:
Published: Oct. 22, 2015
Modified: Sept. 8, 2022
Modified: Sept. 8, 2022
CVE-2015-4816
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
Severity: MEDIUM (4.0)
Links:
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- RHSA-2016:0534
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 77134
- FEDORA-2016-e30164d0a2
- DSA-3385
- USN-2781-1
- 1033894
- DSA-3377
- RHSA-2016:1132
- RHSA-2016:1481
- RHSA-2015:1628
Published: Oct. 22, 2015
Modified: July 1, 2022
Modified: July 1, 2022
CVE-2015-4819
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.
Severity: HIGH (7.2)
Links:
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- RHSA-2016:0534
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 77196
- FEDORA-2016-e30164d0a2
- DSA-3385
- USN-2781-1
- 1033894
- DSA-3377
- RHSA-2016:1132
- RHSA-2016:1481
- RHSA-2015:1628
Published: Oct. 22, 2015
Modified: Sept. 20, 2022
Modified: Sept. 20, 2022
CVE-2015-4864
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
Severity: LOW (3.5)
Links:
Published: Oct. 22, 2015
Modified: Aug. 5, 2022
Modified: Aug. 5, 2022
CVE-2015-4879
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.
Severity: MEDIUM (4.6)
Links:
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- RHSA-2016:0534
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 77140
- FEDORA-2016-e30164d0a2
- DSA-3385
- USN-2781-1
- 1033894
- DSA-3377
- RHSA-2016:1132
- RHSA-2016:1481
- RHSA-2015:1628
Published: Jan. 16, 2019
Modified: Aug. 19, 2022
Modified: Aug. 19, 2022
CVE-2019-2481
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 23, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-2614
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://support.f5.com/csp/article/K52514501
- USN-3957-1
- USN-3957-2
- USN-3957-3
- RHSA-2019:2327
- USN-4070-3
- RHSA-2019:2484
- openSUSE-SU-2019:1915
- openSUSE-SU-2019:1913
- RHSA-2019:2511
- RHSA-2019:3708
- FEDORA-2019-c106e46a95
- FEDORA-2019-96516ce0ac
Published: April 23, 2019
Modified: Aug. 5, 2022
Modified: Aug. 5, 2022
CVE-2019-2627
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 24, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-2737
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- USN-4070-1
- 20190802 [slackware-security] mariadb (SSA:2019-213-01)
- http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
- USN-4070-2
- USN-4070-3
- RHSA-2019:2484
- RHSA-2019:2511
- https://support.f5.com/csp/article/K51272092
- RHSA-2019:3708
- openSUSE-SU-2019:2698
- FEDORA-2019-c106e46a95
- FEDORA-2019-96516ce0ac
- https://support.f5.com/csp/article/K51272092?utm_source=f5support&amp%3Butm_medium=RSS
Published: July 24, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-2739
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Severity: MEDIUM (5.1) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- USN-4070-1
- 20190802 [slackware-security] mariadb (SSA:2019-213-01)
- http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
- USN-4070-2
- USN-4070-3
- RHSA-2019:2484
- RHSA-2019:2511
- https://support.f5.com/csp/article/K51272092
- RHSA-2019:3708
- openSUSE-SU-2019:2698
- FEDORA-2019-c106e46a95
- FEDORA-2019-96516ce0ac
- https://support.f5.com/csp/article/K51272092?utm_source=f5support&amp%3Butm_medium=RSS
Published: July 24, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-2740
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- USN-4070-1
- 20190802 [slackware-security] mariadb (SSA:2019-213-01)
- http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
- USN-4070-2
- USN-4070-3
- RHSA-2019:2484
- RHSA-2019:2511
- https://support.f5.com/csp/article/K03444640
- RHSA-2019:3708
- openSUSE-SU-2019:2698
- FEDORA-2019-c106e46a95
- FEDORA-2019-96516ce0ac
- https://support.f5.com/csp/article/K03444640?utm_source=f5support&amp%3Butm_medium=RSS
Published: July 24, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-2805
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- USN-4070-1
- 20190802 [slackware-security] mariadb (SSA:2019-213-01)
- http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
- USN-4070-2
- USN-4070-3
- RHSA-2019:2484
- RHSA-2019:2511
- https://support.f5.com/csp/article/K04831884
- RHSA-2019:3708
- openSUSE-SU-2019:2698
- https://support.f5.com/csp/article/K04831884?utm_source=f5support&amp%3Butm_medium=RSS
Published: Oct. 16, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-2974
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 15, 2020
Modified: Aug. 4, 2022
Modified: Aug. 4, 2022
CVE-2020-2574
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 15, 2020
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2020-2752
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 15, 2020
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2020-2780
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 15, 2020
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2020-2812
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 15, 2020
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2020-2922
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Severity: LOW (3.7) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Links:
Published: Jan. 20, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2021-2007
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Severity: LOW (3.7) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Links:
Published: April 23, 2021
Modified: July 1, 2022
Modified: July 1, 2022
CVE-2021-2144
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Severity: HIGH (7.2) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links: