MidnightBSD

Advisories for mariadb

CVE-2005-0004 MEDIUM

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
debian debian_linux 3.0
CVE-2009-4484 HIGH

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 11.10
canonical ubuntu_linux 6.06
debian debian_linux 4.0
canonical ubuntu_linux 9.04
canonical ubuntu_linux 8.04
debian debian_linux 5.0
canonical ubuntu_linux 10.10
canonical ubuntu_linux 8.10
canonical ubuntu_linux 9.10
oracle mysql 5.0.0
oracle mysql *
debian debian_linux 6.0
mariadb mariadb *
canonical ubuntu_linux 11.04
canonical ubuntu_linux 10.04
wolfssl yassl *
CVE-2012-0540 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 6.3
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
CVE-2012-1688 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 6.3
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
CVE-2012-1689 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 6.3
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
CVE-2012-1690 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 6.3
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
CVE-2012-1697 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
CVE-2012-1703 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 6.3.z
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_hpc_node 6.0
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
CVE-2012-1734 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 6.3
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
CVE-2012-1735 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
CVE-2012-2122 MEDIUM

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
oracle mysql 5.1.57
mariadb mariadb 5.5.22
oracle mysql 5.1.61
mariadb mariadb 5.3.0
mariadb mariadb 5.2.1
mariadb mariadb 5.1.51
mariadb mariadb 5.1.55
mariadb mariadb 5.2.8
mariadb mariadb 5.1.42
mariadb mariadb 5.2.2
oracle mysql 5.1.54
mariadb mariadb 5.2.7
mariadb mariadb 5.2.9
oracle mysql 5.1.55
mariadb mariadb 5.5.20
mariadb mariadb 5.1.49
mariadb mariadb 5.2.3
oracle mysql 5.6.5
oracle mysql 5.1.52
mariadb mariadb 5.1.50
oracle mysql 5.1.51
oracle mysql 5.1.58
mariadb mariadb 5.1.60
mariadb mariadb 5.3.3
oracle mysql 5.5.15
mariadb mariadb 5.3.1
oracle mysql 5.5.10
oracle mysql 5.5.13
mariadb mariadb 5.2.11
oracle mysql 5.5.20
mariadb mariadb 5.3.6
oracle mysql 5.5.12
mariadb mariadb 5.3.5
oracle mysql 5.1.60
mariadb mariadb 5.3.4
oracle mysql 5.5.16
mariadb mariadb 5.2.4
mariadb mariadb 5.1.53
mariadb mariadb 5.3.2
oracle mysql 5.5.17
oracle mysql 5.1.59
oracle mysql 5.1.53
mariadb mariadb 5.2.5
oracle mysql 5.5.18
oracle mysql 5.6.4
mariadb mariadb 5.1.41
mariadb mariadb 5.2.10
mariadb mariadb 5.2.0
oracle mysql 5.5.19
oracle mysql 5.1.56
mariadb mariadb 5.1.44
oracle mysql 5.5.11
oracle mysql 5.5.14
mariadb mariadb 5.1.47
mariadb mariadb 5.2.6
oracle mysql 5.5.21
oracle mysql 5.6.2
mariadb mariadb 5.5.21
mariadb mariadb 5.1.61
oracle mysql 5.6.3
CVE-2012-3173 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.10
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
redhat enterprise_linux_eus 6.3
oracle mysql *
debian debian_linux 6.0
mariadb mariadb *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2012-4414 MEDIUM

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
oracle mysql 5.1.57
mariadb mariadb 5.5.22
oracle mysql 5.1.61
mariadb mariadb 5.3.0
mariadb mariadb 5.2.1
oracle mysql 5.5.22
oracle mysql 5.1.65
oracle mysql 5.1.62
mariadb mariadb 5.1.51
oracle mysql 5.5.26
mariadb mariadb 5.1.55
oracle mysql 5.1.63
mariadb mariadb 5.1.62
mariadb mariadb 5.2.8
mariadb mariadb 5.1.42
mariadb mariadb 5.2.2
oracle mysql 5.1.54
mariadb mariadb 5.2.7
mariadb mariadb 5.2.9
oracle mysql 5.5.27
mariadb mariadb 5.3.7
oracle mysql 5.1.55
mariadb mariadb 5.5.20
mariadb mariadb 5.1.49
mariadb mariadb 5.2.3
mariadb mariadb 5.5.23
oracle mysql 5.1.52
mariadb mariadb 5.1.50
oracle mysql 5.1.51
oracle mysql 5.1.66
oracle mysql 5.1.58
mariadb mariadb 5.1.60
mariadb mariadb 5.3.3
oracle mysql 5.5.15
mariadb mariadb 5.5.25
mariadb mariadb 5.3.1
oracle mysql 5.5.10
oracle mysql 5.5.13
mariadb mariadb 5.2.11
oracle mysql 5.5.20
mariadb mariadb 5.3.6
oracle mysql 5.5.12
mariadb mariadb 5.3.5
oracle mysql 5.1.60
mariadb mariadb 5.2.12
mariadb mariadb 5.3.4
oracle mysql 5.5.16
mariadb mariadb 5.2.4
oracle mysql 5.5.24
mariadb mariadb 5.1.53
mariadb mariadb 5.3.2
oracle mysql 5.1.64
oracle mysql 5.5.17
oracle mysql 5.5.25
oracle mysql 5.5.23
oracle mysql 5.1.59
oracle mysql 5.1.53
mariadb mariadb 5.2.5
oracle mysql 5.5.18
mariadb mariadb 5.1.41
mariadb mariadb 5.2.10
mariadb mariadb 5.2.0
oracle mysql 5.5.19
oracle mysql *
oracle mysql 5.1.56
mariadb mariadb 5.5.24
oracle mysql 5.1.67
mariadb mariadb 5.1.44
oracle mysql 5.5.11
oracle mysql 5.5.14
mariadb mariadb 5.1.47
mariadb mariadb 5.2.6
oracle mysql 5.5.21
mariadb mariadb 5.5.21
mariadb mariadb 5.1.61
CVE-2012-5611 MEDIUM

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mariadb mariadb 5.1.60
mariadb mariadb 5.3.3
mariadb mariadb 5.5.22
mariadb mariadb 5.3.0
mariadb mariadb 5.5.25
mariadb mariadb 5.2.1
mariadb mariadb 5.3.1
mariadb mariadb 5.2.11
mariadb mariadb 5.3.8
mariadb mariadb 5.3.6
mariadb mariadb 5.3.5
mariadb mariadb 5.5.27
mariadb mariadb 5.1.51
mariadb mariadb 5.3.9
mariadb mariadb 5.2.12
mariadb mariadb 5.3.4
mariadb mariadb 5.2.4
mariadb mariadb 5.5.28
mariadb mariadb 5.1.53
mariadb mariadb 5.3.2
mariadb mariadb 5.1.55
mariadb mariadb 5.1.62
mariadb mariadb 5.2.8
mariadb mariadb 5.1.42
oracle mysql 5.1.53
mariadb mariadb 5.2.5
mariadb mariadb 5.3.10
mariadb mariadb 5.2.2
mariadb mariadb 5.1.41
mariadb mariadb 5.2.7
mariadb mariadb 5.2.9
mariadb mariadb 5.2.10
mariadb mariadb 5.2.0
mariadb mariadb 5.3.7
oracle mysql 5.5.19
mariadb mariadb 5.5.20
mariadb mariadb 5.5.24
mariadb mariadb 5.1.44
mariadb mariadb 5.1.49
mariadb mariadb 5.2.3
mariadb mariadb 5.5.23
mariadb mariadb 5.1.47
mariadb mariadb 5.2.6
mariadb mariadb 5.1.50
mariadb mariadb 5.5.21
mariadb mariadb 5.1.61
CVE-2012-5613 MEDIUM

MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
oracle mysql 5.5.19
mariadb mariadb 5.5.28a
CVE-2012-5615 MEDIUM

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
mariadb mariadb 5.1.66
oracle mysql 5.5.19
mariadb mariadb 5.3.11
mariadb mariadb 5.2.13
mariadb mariadb 5.5.28a
CVE-2013-0367 MEDIUM

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.10
oracle mysql *
mariadb mariadb *
mariadb mariadb 10.0.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-0368 MEDIUM

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.10
oracle mysql *
mariadb mariadb *
mariadb mariadb 10.0.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-0371 MEDIUM

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.10
oracle mysql *
mariadb mariadb *
mariadb mariadb 10.0.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-0375 MEDIUM

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 11.10
redhat enterprise_linux_eus 6.3
canonical ubuntu_linux 12.10
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-0383 MEDIUM

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 6.3
canonical ubuntu_linux 12.10
oracle mysql *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
redhat enterprise_linux 6.0
canonical ubuntu_linux 11.04
mariadb mariadb 10.0.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-0384 MEDIUM

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 11.10
redhat enterprise_linux_eus 6.3
canonical ubuntu_linux 12.10
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
mariadb mariadb 10.0.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-0385 MEDIUM

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 11.10
redhat enterprise_linux_eus 6.3
canonical ubuntu_linux 12.10
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
mariadb mariadb 10.0.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-0386 MEDIUM

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.10
oracle mysql *
mariadb mariadb *
mariadb mariadb 10.0.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-0389 MEDIUM

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.10
oracle mysql *
mariadb mariadb *
mariadb mariadb 10.0.0
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-1502 LOW

Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
oracle solaris 11.3
CVE-2013-1506 LOW

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
redhat enterprise_linux_server_aus 6.4
CVE-2013-1511 LOW

Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
oracle solaris 11.3
CVE-2013-1512 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
CVE-2013-1521 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
redhat enterprise_linux_server_aus 6.4
CVE-2013-1523 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
CVE-2013-1526 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
CVE-2013-1531 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
mariadb mariadb 10.0.0
redhat enterprise_linux_server_aus 6.4
CVE-2013-1532 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
redhat enterprise_linux_server_aus 6.4
CVE-2013-1544 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
redhat enterprise_linux_server_aus 6.4
CVE-2013-1548 LOW

Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
CVE-2013-1552 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
redhat enterprise_linux_server_aus 6.4
CVE-2013-1555 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 6.4
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
CVE-2013-1861 MEDIUM

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.10
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
opensuse opensuse 12.2
redhat enterprise_linux 6.0
opensuse opensuse 12.3
suse linux_enterprise_desktop 11
suse linux_enterprise_server 11
oracle mysql *
canonical ubuntu_linux 13.04
mariadb mariadb *
opensuse opensuse 11.4
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
redhat enterprise_linux 5
CVE-2013-2375 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
redhat enterprise_linux_server_aus 6.4
CVE-2013-2376 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
oracle solaris 11.3
CVE-2013-2378 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
redhat enterprise_linux_server_aus 6.4
CVE-2013-2389 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
CVE-2013-2391 LOW

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
redhat enterprise_linux_server_aus 6.4
CVE-2013-2392 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_desktop 6.0
mariadb mariadb *
CVE-2013-3783 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.10
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
opensuse opensuse 12.2
opensuse opensuse 12.3
suse linux_enterprise_desktop 11
suse linux_enterprise_server 11
oracle mysql *
canonical ubuntu_linux 13.04
mariadb mariadb *
opensuse opensuse 11.4
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-3793 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.10
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
opensuse opensuse 12.2
oracle solaris 11.3
opensuse opensuse 12.3
suse linux_enterprise_desktop 11
suse linux_enterprise_server 11
oracle mysql *
canonical ubuntu_linux 13.04
mariadb mariadb *
opensuse opensuse 11.4
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-3794 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
suse linux_enterprise_server 11
oracle mysql *
suse linux_enterprise_software_development_kit 11
mariadb mariadb *
opensuse opensuse 11.4
opensuse opensuse 12.2
oracle solaris 11.3
opensuse opensuse 12.3
suse linux_enterprise_desktop 11
CVE-2013-3801 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
suse linux_enterprise_server 11
oracle mysql *
suse linux_enterprise_software_development_kit 11
mariadb mariadb *
opensuse opensuse 11.4
opensuse opensuse 12.2
opensuse opensuse 12.3
suse linux_enterprise_desktop 11
CVE-2013-3802 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.10
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
opensuse opensuse 12.2
opensuse opensuse 12.3
suse linux_enterprise_desktop 11
suse linux_enterprise_server 11
oracle mysql *
canonical ubuntu_linux 13.04
mariadb mariadb *
opensuse opensuse 11.4
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-3804 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.10
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
opensuse opensuse 12.2
opensuse opensuse 12.3
suse linux_enterprise_desktop 11
suse linux_enterprise_server 11
oracle mysql *
canonical ubuntu_linux 13.04
mariadb mariadb *
opensuse opensuse 11.4
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-3805 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
suse linux_enterprise_server 11
oracle mysql *
suse linux_enterprise_software_development_kit 11
mariadb mariadb *
opensuse opensuse 11.4
opensuse opensuse 12.2
oracle solaris 11.3
opensuse opensuse 12.3
suse linux_enterprise_desktop 11
CVE-2013-3808 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
suse linux_enterprise_server 11
oracle mysql *
suse linux_enterprise_software_development_kit 11
mariadb mariadb *
opensuse opensuse 11.4
opensuse opensuse 12.2
opensuse opensuse 12.3
suse linux_enterprise_desktop 11
CVE-2013-3809 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.10
suse linux_enterprise_software_development_kit 11
opensuse opensuse 12.2
oracle solaris 11.3
opensuse opensuse 12.3
suse linux_enterprise_desktop 11
suse linux_enterprise_server 11
oracle mysql *
canonical ubuntu_linux 13.04
mariadb mariadb *
opensuse opensuse 11.4
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-3812 LOW

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.10
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
opensuse opensuse 12.2
oracle solaris 11.3
opensuse opensuse 12.3
suse linux_enterprise_desktop 11
suse linux_enterprise_server 11
oracle mysql *
canonical ubuntu_linux 13.04
mariadb mariadb *
opensuse opensuse 11.4
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-3839 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.10
debian debian_linux 7.0
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_desktop 5.0
canonical ubuntu_linux 13.04
redhat enterprise_linux_workstation 5.0
debian debian_linux 6.0
mariadb mariadb *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-5807 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 5.0
canonical ubuntu_linux 12.10
oracle mysql *
canonical ubuntu_linux 13.10
redhat enterprise_linux_desktop 5.0
canonical ubuntu_linux 13.04
redhat enterprise_linux_workstation 5.0
debian debian_linux 7.0
mariadb mariadb *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-5891 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 5.0
canonical ubuntu_linux 12.10
oracle mysql *
canonical ubuntu_linux 13.10
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
debian debian_linux 7.0
mariadb mariadb *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2013-5908 LOW

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 6.5
canonical ubuntu_linux 12.10
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 13.10
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
debian debian_linux 6.0
mariadb mariadb *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2014-0001 HIGH

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
oracle mysql 5.5.35
redhat enterprise_linux_workstation 6.0
oracle mysql 5.5.36
oracle mysql 5.5.22
oracle mysql 5.6.10
oracle mysql 5.6.12
oracle mysql 5.6.11
redhat enterprise_linux_desktop 5.0
oracle mysql 5.6.6
oracle mysql 5.5.26
oracle mysql 5.5.7
oracle mysql 5.5.4
oracle mysql 5.5.33
oracle mysql 5.5.9
oracle mysql 5.5.2
oracle mysql 5.6.13
redhat enterprise_linux 6.0
oracle mysql 5.6.8
oracle mysql 5.6.16
oracle mysql 5.5.27
oracle mysql 5.5.1
oracle mysql 5.6.9
oracle mysql 5.6.14
oracle mysql 5.6.5
oracle mysql 5.5.6
mariadb mariadb *
oracle mysql 5.6.0
oracle mysql 5.5.31
oracle mysql 5.5.15
oracle mysql 5.5.0
oracle mysql 5.5.10
oracle mysql 5.5.13
oracle mysql 5.5.34
oracle mysql 5.5.20
oracle mysql 5.5.12
oracle mysql 5.5.5
oracle mysql 5.5.16
oracle mysql 5.5.28
oracle mysql 5.5.24
oracle mysql 5.5.30
oracle mysql 5.5.17
oracle mysql 5.5.25
oracle mysql 5.5.23
redhat enterprise_linux_server 6.0
redhat enterprise_linux_desktop 6.0
oracle mysql 5.5.18
oracle mysql 5.6.4
oracle mysql 5.6.7
oracle mysql 5.5.32
oracle mysql 5.6.1
oracle mysql 5.5.19
oracle mysql 5.5.11
oracle mysql 5.5.14
oracle mysql 5.5.29
oracle mysql 5.6.15
oracle mysql 5.5.21
oracle mysql 5.6.2
redhat enterprise_linux 5
oracle mysql 5.5.3
oracle mysql 5.6.3
CVE-2014-0195 MEDIUM

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
fedoraproject fedora 20
opensuse opensuse 13.2
fedoraproject fedora 19
mariadb mariadb *
opensuse leap 42.1
openssl openssl *
CVE-2014-0198 MEDIUM

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
suse linux_enterprise_workstation_extension 12
debian debian_linux 7.0
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
fedoraproject fedora 19
opensuse opensuse 12.3
debian debian_linux 8.0
fedoraproject fedora 20
debian debian_linux 6.0
mariadb mariadb *
opensuse opensuse 13.1
suse linux_enterprise_software_development_kit 12
openssl openssl *
CVE-2014-0221 MEDIUM

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
suse linux_enterprise_workstation_extension 12
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
fedoraproject fedora 19
redhat enterprise_linux 6.0
opensuse leap 42.1
redhat storage 2.1
fedoraproject fedora 20
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
fedoraproject fedora *
openssl openssl *
redhat enterprise_linux 5
CVE-2014-0224 MEDIUM

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
python python *
opensuse opensuse 13.2
siemens rox_firmware *
fedoraproject fedora 19
redhat enterprise_linux 6.0
redhat jboss_enterprise_application_platform 6.2.3
redhat jboss_enterprise_web_server 2.0.1
redhat jboss_enterprise_application_platform 5.2.0
nodejs node.js *
redhat storage 2.1
fedoraproject fedora 20
siemens s7-1500_firmware *
siemens cp1543-1_firmware *
mariadb mariadb *
opensuse opensuse 13.1
siemens application_processing_engine_firmware *
filezilla-project filezilla_server *
redhat jboss_enterprise_web_platform 5.2.0
openssl openssl *
redhat enterprise_linux 5
redhat enterprise_linux 4
CVE-2014-0384 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.3
CVE-2014-0386 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 6.5
canonical ubuntu_linux 12.10
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 13.10
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
debian debian_linux 6.0
mariadb mariadb *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2014-0393 LOW

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 6.5
canonical ubuntu_linux 12.10
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 13.10
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
debian debian_linux 6.0
mariadb mariadb *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2014-0401 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 6.5
canonical ubuntu_linux 12.10
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 13.10
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
debian debian_linux 6.0
mariadb mariadb *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2014-0402 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 6.5
canonical ubuntu_linux 12.10
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 13.10
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
debian debian_linux 6.0
mariadb mariadb *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2014-0412 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 6.5
canonical ubuntu_linux 12.10
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 13.10
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
debian debian_linux 6.0
mariadb mariadb *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2014-0420 LOW

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 5.0
canonical ubuntu_linux 12.10
oracle mysql *
canonical ubuntu_linux 13.10
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
debian debian_linux 7.0
mariadb mariadb *
canonical ubuntu_linux 10.04
oracle solaris 11.3
canonical ubuntu_linux 12.04
CVE-2014-0437 LOW

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 6.5
canonical ubuntu_linux 12.10
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 13.10
redhat enterprise_linux_desktop 6.0
debian debian_linux 7.0
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
debian debian_linux 6.0
mariadb mariadb *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2014-2419 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
oracle solaris 11.3
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.3
CVE-2014-2430 LOW

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
oracle solaris 11.3
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.3
CVE-2014-2431 LOW

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
oracle solaris 11.3
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.3
CVE-2014-2432 LOW

Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
oracle solaris 11.3
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.3
CVE-2014-2436 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
oracle solaris 11.3
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.3
CVE-2014-2438 LOW

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.3
CVE-2014-2440 MEDIUM

Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
oracle solaris 11.3
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.3
CVE-2014-2494 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
suse linux_enterprise_server 11
oracle mysql *
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_workstation_extension 12
debian debian_linux 7.0
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_desktop 11
CVE-2014-3470 MEDIUM

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
suse linux_enterprise_workstation_extension 12
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
fedoraproject fedora 19
redhat enterprise_linux 6.0
opensuse leap 42.1
redhat storage 2.1
fedoraproject fedora 20
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
fedoraproject fedora *
openssl openssl *
redhat enterprise_linux 5
CVE-2014-4207 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
suse linux_enterprise_server 11
oracle mysql *
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_workstation_extension 12
debian debian_linux 7.0
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_desktop 11
CVE-2014-4243 LOW

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
suse linux_enterprise_server 11
oracle mysql *
suse linux_enterprise_software_development_kit 11
mariadb mariadb *
oracle solaris 11.3
suse linux_enterprise_desktop 11
CVE-2014-4258 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_workstation_extension 12
debian debian_linux 7.0
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
vmware vcenter_server_appliance 5.5
vmware vcenter_server_appliance 5.0
oracle solaris 11.3
suse linux_enterprise_desktop 11
suse linux_enterprise_server 11
oracle mysql *
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
opensuse_project suse_linux_enterprise_server 11.0
vmware vcenter_server_appliance 5.1
opensuse_project suse_linux_enterprise_desktop 11.0
opensuse_project suse_linux_enterprise_software_development_kit 11.0
CVE-2014-4260 MEDIUM

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
suse linux_enterprise_server 11
oracle mysql *
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_workstation_extension 12
debian debian_linux 7.0
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
oracle solaris 11.3
suse linux_enterprise_desktop 11
CVE-2014-4274 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
oracle solaris 11.3
CVE-2014-4287 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
CVE-2014-6463 LOW

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
oracle solaris 11.3
CVE-2014-6464 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
CVE-2014-6469 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
oracle solaris 11.3
CVE-2014-6474 LOW

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
CVE-2014-6478 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
oracle solaris 11.3
juniper junos_space *
CVE-2014-6484 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
CVE-2014-6489 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
CVE-2014-6491 HIGH

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
oracle solaris 11.3
juniper junos_space *
CVE-2014-6494 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
oracle solaris 11.3
juniper junos_space *
CVE-2014-6495 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
oracle solaris 11.3
juniper junos_space *
CVE-2014-6496 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
oracle solaris 11.3
juniper junos_space *
CVE-2014-6500 HIGH

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
oracle solaris 11.3
juniper junos_space *
CVE-2014-6505 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
CVE-2014-6507 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
oracle solaris 11.3
CVE-2014-6520 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
CVE-2014-6530 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
oracle solaris 11.3
CVE-2014-6551 LOW

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
oracle solaris 11.3
CVE-2014-6555 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
CVE-2014-6559 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
oracle solaris 11.3
juniper junos_space *
CVE-2014-6564 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
CVE-2014-6568 LOW

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
suse linux_enterprise_workstation_extension 12
redhat enterprise_linux_server_tus 7.7
suse linux_enterprise_desktop 12
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
suse linux_enterprise_server 12
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
oracle mysql *
fedoraproject fedora 20
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2014-8964 MEDIUM

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
fedoraproject fedora 21
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
redhat enterprise_linux_server 7.0
fedoraproject fedora 19
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.3
fedoraproject fedora 20
pcre pcre *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.3
oracle solaris 11.2
CVE-2015-0374 LOW

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
suse linux_enterprise_workstation_extension 12
redhat enterprise_linux_server_tus 7.7
suse linux_enterprise_desktop 12
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
suse linux_enterprise_server 12
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
oracle mysql *
fedoraproject fedora 20
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-0381 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.3
oracle communications_policy_management 10.4.1
canonical ubuntu_linux 14.04
oracle communications_policy_management 12.1.1
redhat enterprise_linux_desktop 5.0
oracle communications_policy_management 9.9.1
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
oracle communications_policy_management *
debian debian_linux 7.0
suse linux_enterprise_server 12
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
oracle mysql *
fedoraproject fedora 20
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-0382 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 12
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.3
oracle communications_policy_management 10.4.1
canonical ubuntu_linux 14.04
oracle communications_policy_management 12.1.1
redhat enterprise_linux_desktop 5.0
oracle communications_policy_management 9.9.1
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
oracle communications_policy_management *
debian debian_linux 7.0
suse linux_enterprise_server 12
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
oracle mysql *
fedoraproject fedora 20
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-0391 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
suse linux_enterprise_workstation_extension 12
redhat enterprise_linux_server_tus 7.7
suse linux_enterprise_desktop 12
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
suse linux_enterprise_server 12
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server 5.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
CVE-2015-0411 HIGH

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 7.0
redhat enterprise_linux 7.0
oracle solaris 11.3
canonical ubuntu_linux 14.10
oracle mysql *
oracle communications_policy_management 10.4.1
canonical ubuntu_linux 14.04
fedoraproject fedora 20
oracle communications_policy_management 12.1.1
oracle communications_policy_management 9.9.1
mariadb mariadb *
oracle communications_policy_management *
canonical ubuntu_linux 12.04
CVE-2015-0432 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_hpc_node 7.0
suse linux_enterprise_workstation_extension 12
debian debian_linux 7.0
suse linux_enterprise_desktop 12
redhat enterprise_linux_server 7.0
suse linux_enterprise_server 12
redhat enterprise_linux_workstation 7.0
oracle solaris 11.3
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
oracle mysql *
canonical ubuntu_linux 14.04
fedoraproject fedora 20
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
canonical ubuntu_linux 12.04
CVE-2015-0433 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
suse linux_enterprise_desktop 11
redhat enterprise_linux_server_aus 7.3
oracle communications_policy_management 10.4.1
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
oracle communications_policy_management 12.1.1
redhat enterprise_linux_desktop 5.0
oracle communications_policy_management 9.9.1
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
oracle communications_policy_management *
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
suse linux_enterprise_server 11
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-0441 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
suse linux_enterprise_desktop 11
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
suse linux_enterprise_server 11
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-0499 LOW

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
suse linux_enterprise_desktop 11
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
suse linux_enterprise_server 11
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-0501 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
suse linux_enterprise_desktop 11
juniper junos_space *
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
suse linux_enterprise_server 11
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-0505 LOW

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
suse linux_enterprise_desktop 11
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
suse linux_enterprise_server 11
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-2325 MEDIUM

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-787,

Products Affected

Vendor Product Version
php php *
opensuse opensuse 13.2
pcre pcre *
mariadb mariadb *
opensuse opensuse 13.1
CVE-2015-2326 MEDIUM

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
php php *
opensuse opensuse 13.2
pcre pcre *
mariadb mariadb *
opensuse opensuse 13.1
CVE-2015-2568 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
suse linux_enterprise_desktop 11
redhat enterprise_linux_server_aus 7.3
oracle communications_policy_management 10.4.1
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
oracle communications_policy_management 12.1.1
redhat enterprise_linux_desktop 5.0
oracle communications_policy_management 9.9.1
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
oracle communications_policy_management *
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
suse linux_enterprise_server 11
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-2571 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
suse linux_enterprise_desktop 11
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
suse linux_enterprise_server 11
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-2573 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
suse linux_enterprise_desktop 11
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
suse linux_enterprise_server 11
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-2582 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.1
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_workstation 7.0
oracle solaris 11.3
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-2620 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 14.04
mariadb mariadb *
canonical ubuntu_linux 15.04
oracle solaris 11.3
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.10
juniper junos_space *
CVE-2015-2643 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-2648 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-3152 MEDIUM

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
fedoraproject fedora 21
redhat enterprise_linux_server_tus 7.7
oracle mysql_connector/c *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
fedoraproject fedora 22
redhat enterprise_linux_eus 7.3
php php *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
CVE-2015-4752 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-4757 LOW

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
canonical ubuntu_linux 14.10
redhat enterprise_linux_server 5.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-4792 LOW

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
fedoraproject fedora 23
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
opensuse leap 42.1
oracle linux 7
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 15.10
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-4802 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
fedoraproject fedora 23
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
opensuse leap 42.1
oracle linux 7
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 15.10
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-4807 LOW

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
opensuse opensuse 13.2
fedoraproject fedora 23
mariadb mariadb *
opensuse opensuse 13.1
oracle solaris 11.3
opensuse leap 42.1
CVE-2015-4815 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
fedoraproject fedora 23
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
opensuse leap 42.1
oracle linux 7
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 15.10
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-4816 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
fedoraproject fedora 23
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
oracle linux 7
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
redhat enterprise_linux_server 5.0
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 15.10
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-4819 HIGH

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_server_eus 7.2
debian debian_linux 7.0
fedoraproject fedora 23
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_hpc_node_eus 7.2
oracle solaris 11.3
redhat enterprise_linux_server 5.0
debian debian_linux 8.0
oracle linux 7
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
canonical ubuntu_linux 12.04
CVE-2015-4826 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
fedoraproject fedora 23
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
opensuse leap 42.1
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 15.10
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-4830 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
fedoraproject fedora 23
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
opensuse leap 42.1
suse linux_enterprise_desktop 11
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
suse linux_enterprise_software_development_kit 11
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
suse linux_enterprise_server 11
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 15.10
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-4836 LOW

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
fedoraproject fedora 23
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
opensuse leap 42.1
oracle linux 7
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 15.10
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-4858 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
fedoraproject fedora 23
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
opensuse leap 42.1
oracle linux 7
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 15.10
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-4861 LOW

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
fedoraproject fedora 23
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
opensuse leap 42.1
oracle linux 7
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 15.10
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-4864 LOW

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
redhat enterprise_linux_server 5.0
oracle mysql *
canonical ubuntu_linux 15.10
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-4866 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
mariadb mariadb *
canonical ubuntu_linux 15.04
canonical ubuntu_linux 12.04
CVE-2015-4870 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
fedoraproject fedora 23
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
opensuse leap 42.1
oracle linux 7
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.1
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 15.10
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-4879 MEDIUM

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
fedoraproject fedora 23
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
oracle linux 7
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 15.10
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-4895 LOW

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
fedoraproject fedora 23
mariadb mariadb *
canonical ubuntu_linux 15.04
canonical ubuntu_linux 12.04
CVE-2015-4913 LOW

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
fedoraproject fedora 23
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_server_tus 7.6
opensuse leap 42.1
oracle linux 7
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle solaris 11.3
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 15.10
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2015-7744 LOW

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
wolfssl wolfssl *
opensuse opensuse 13.2
mariadb mariadb *
opensuse opensuse 13.1
opensuse leap 42.1
CVE-2016-0502 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
opensuse opensuse 13.2
mariadb mariadb *
opensuse opensuse 13.1
opensuse leap 42.1
CVE-2016-0505 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_hpc_node 7.0
opensuse opensuse 13.2
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux 7.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux 6.0
oracle solaris 11.3
opensuse leap 42.1
debian debian_linux 8.0
oracle linux 7
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
canonical ubuntu_linux 12.04
CVE-2016-0546 HIGH

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_hpc_node 7.0
opensuse opensuse 13.2
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux 7.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux 6.0
oracle solaris 11.3
opensuse leap 42.1
debian debian_linux 8.0
oracle linux 7
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
canonical ubuntu_linux 12.04
CVE-2016-0596 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_hpc_node 7.0
opensuse opensuse 13.2
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux 7.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux 6.0
oracle solaris 11.3
opensuse leap 42.1
debian debian_linux 8.0
oracle linux 7
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
canonical ubuntu_linux 12.04
CVE-2016-0597 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_hpc_node 7.0
opensuse opensuse 13.2
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux 7.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux 6.0
oracle solaris 11.3
opensuse leap 42.1
debian debian_linux 8.0
oracle linux 7
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
canonical ubuntu_linux 12.04
CVE-2016-0598 LOW

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_hpc_node 7.0
opensuse opensuse 13.2
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux 7.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux 6.0
oracle solaris 11.3
opensuse leap 42.1
debian debian_linux 8.0
oracle linux 7
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
canonical ubuntu_linux 12.04
CVE-2016-0600 LOW

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_hpc_node 7.0
opensuse opensuse 13.2
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux 7.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux 6.0
oracle solaris 11.3
opensuse leap 42.1
debian debian_linux 8.0
oracle linux 7
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
canonical ubuntu_linux 12.04
CVE-2016-0606 LOW

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_hpc_node 7.0
opensuse opensuse 13.2
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux 7.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux 6.0
oracle solaris 11.3
opensuse leap 42.1
debian debian_linux 8.0
oracle linux 7
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
canonical ubuntu_linux 12.04
CVE-2016-0608 LOW

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_hpc_node 7.0
opensuse opensuse 13.2
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux 7.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux 6.0
oracle solaris 11.3
opensuse leap 42.1
debian debian_linux 8.0
oracle linux 7
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
canonical ubuntu_linux 12.04
CVE-2016-0609 LOW

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_hpc_node 7.0
opensuse opensuse 13.2
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 15.04
redhat enterprise_linux 7.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux 6.0
oracle solaris 11.3
opensuse leap 42.1
debian debian_linux 8.0
oracle linux 7
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
canonical ubuntu_linux 12.04
CVE-2016-0610 LOW

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
mariadb mariadb 10.0.14
mariadb mariadb 10.1.8
opensuse opensuse 13.2
mariadb mariadb 10.1.0
mariadb mariadb 10.0.3
mariadb mariadb 10.0.18
mariadb mariadb 10.1.5
canonical ubuntu_linux 15.04
mariadb mariadb 10.0.13
mariadb mariadb 10.0.21
opensuse leap 42.1
mariadb mariadb 10.0.5
mariadb mariadb 10.0.15
canonical ubuntu_linux 14.04
mariadb mariadb 10.0.12
mariadb mariadb 10.0.17
mariadb mariadb 10.0.10
mariadb mariadb 10.1.3
mariadb mariadb 10.0.4
mariadb mariadb 10.0.2
mariadb mariadb 10.0.6
mariadb mariadb 10.0.16
mariadb mariadb 10.0.0
mariadb mariadb 10.0.19
mariadb mariadb 10.0.20
mariadb mariadb 10.1.4
mariadb mariadb 10.0.7
mariadb mariadb 10.1.7
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
mariadb mariadb 10.1.1
mariadb mariadb 10.0.1
mariadb mariadb 10.1.6
debian debian_linux 8.0
mariadb mariadb 10.1.2
oracle mysql *
canonical ubuntu_linux 15.10
mariadb mariadb 10.0.11
mariadb mariadb *
mariadb mariadb 10.0.8
mariadb mariadb 10.0.9
canonical ubuntu_linux 12.04
CVE-2016-0616 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
mariadb mariadb 10.0.14
redhat enterprise_linux_server_eus 7.2
mariadb mariadb 10.1.0
mariadb mariadb 10.0.3
mariadb mariadb 10.0.21
opensuse leap 42.1
mariadb mariadb 10.0.15
mariadb mariadb 10.0.12
mariadb mariadb 10.0.17
mariadb mariadb 10.1.3
mariadb mariadb 10.0.2
mariadb mariadb 10.0.16
mariadb mariadb 10.0.19
mariadb mariadb 10.0.20
mariadb mariadb 10.1.4
mariadb mariadb 10.1.7
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_hpc_node_eus 7.2
mariadb mariadb 10.1.1
oracle solaris 11.3
mariadb mariadb 10.1.6
mariadb mariadb 10.0.22
debian debian_linux 8.0
mariadb mariadb 10.1.2
mariadb mariadb *
mariadb mariadb 10.0.8
redhat enterprise_linux_server_aus 7.2
mariadb mariadb 10.1.8
mariadb mariadb 10.0.18
redhat enterprise_linux_server 7.0
mariadb mariadb 10.1.5
canonical ubuntu_linux 15.04
mariadb mariadb 10.0.13
mariadb mariadb 10.0.5
oracle linux 7
canonical ubuntu_linux 14.04
mariadb mariadb 10.0.10
mariadb mariadb 10.0.4
mariadb mariadb 10.0.6
mariadb mariadb 10.0.0
redhat enterprise_linux_hpc_node 7.0
mariadb mariadb 10.0.7
mariadb mariadb 10.0.1
oracle mysql *
canonical ubuntu_linux 15.10
mariadb mariadb 10.1.9
mariadb mariadb 10.0.11
redhat enterprise_linux_desktop 7.0
mariadb mariadb 10.0.9
canonical ubuntu_linux 12.04
CVE-2016-0640 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle linux 7
ibm powerkvm 3.1
oracle mysql *
ibm powerkvm 2.1
mariadb mariadb *
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
opensuse leap 42.1
CVE-2016-0641 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle linux 7
ibm powerkvm 3.1
oracle mysql *
ibm powerkvm 2.1
mariadb mariadb *
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
opensuse leap 42.1
CVE-2016-0642 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H 0.5 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_eus 7.6
suse linux_enterprise_workstation_extension 12
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
opensuse leap 42.1
suse linux_enterprise_debuginfo 11
redhat enterprise_linux_server_aus 7.3
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
canonical ubuntu_linux 16.04
redhat enterprise_linux_eus 7.3
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_server 12
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
suse linux_enterprise_server 11
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 15.10
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2016-0643 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
ibm powerkvm 3.1
oracle mysql *
ibm powerkvm 2.1
mariadb mariadb *
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
opensuse leap 42.1
CVE-2016-0644 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle linux 7
ibm powerkvm 3.1
oracle mysql *
ibm powerkvm 2.1
mariadb mariadb *
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
opensuse leap 42.1
CVE-2016-0646 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle linux 7
ibm powerkvm 3.1
oracle mysql *
ibm powerkvm 2.1
mariadb mariadb *
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
opensuse leap 42.1
CVE-2016-0647 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle linux 7
ibm powerkvm 3.1
oracle mysql *
ibm powerkvm 2.1
mariadb mariadb *
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
opensuse leap 42.1
CVE-2016-0648 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle linux 7
ibm powerkvm 3.1
oracle mysql *
ibm powerkvm 2.1
mariadb mariadb *
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
opensuse leap 42.1
CVE-2016-0649 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle linux 7
ibm powerkvm 3.1
oracle mysql *
ibm powerkvm 2.1
mariadb mariadb *
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
opensuse leap 42.1
CVE-2016-0650 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle linux 7
ibm powerkvm 3.1
oracle mysql *
ibm powerkvm 2.1
mariadb mariadb *
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
opensuse leap 42.1
CVE-2016-0651 LOW

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_eus 7.6
suse linux_enterprise_workstation_extension 12
redhat enterprise_linux_server_tus 7.7
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
opensuse leap 42.1
suse linux_enterprise_debuginfo 11
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.3
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_server 12
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
suse linux_enterprise_server 11
oracle mysql *
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
CVE-2016-0655 LOW

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle mysql *
mariadb mariadb *
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
opensuse leap 42.1
CVE-2016-0666 LOW

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle linux 7
ibm powerkvm 3.1
oracle mysql *
ibm powerkvm 2.1
mariadb mariadb *
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
opensuse leap 42.1
CVE-2016-0668 LOW

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 0.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
suse linux_enterprise_workstation_extension 12
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
suse linux_enterprise_server 12
opensuse leap 42.1
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
mariadb mariadb *
suse linux_enterprise_software_development_kit 12
canonical ubuntu_linux 12.04
CVE-2016-2047 MEDIUM

The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
opensuse leap 42.1
debian debian_linux 8.0
oracle linux 7
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
mariadb mariadb *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
CVE-2016-3452 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle linux 7
ibm powerkvm 3.1
oracle mysql *
ibm powerkvm 2.1
mariadb mariadb *
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
CVE-2016-3459 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
CVE-2016-3471 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
CVE-2016-3477 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle linux 7
ibm powerkvm 3.1
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
ibm powerkvm 2.1
mariadb mariadb *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
CVE-2016-3492 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
oracle mysql *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.3
CVE-2016-3521 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle linux 7
ibm powerkvm 3.1
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
ibm powerkvm 2.1
mariadb mariadb *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
CVE-2016-3615 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle linux 7
ibm powerkvm 3.1
oracle mysql *
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
ibm powerkvm 2.1
mariadb mariadb *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
CVE-2016-5440 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.3
debian debian_linux 8.0
oracle linux 7
ibm powerkvm 3.1
oracle mysql *
redhat enterprise_linux_server_eus 7.6
canonical ubuntu_linux 15.10
canonical ubuntu_linux 14.04
ibm powerkvm 2.1
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.4
mariadb mariadb *
redhat enterprise_linux_server_aus 7.6
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 12.04
CVE-2016-5444 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.3
oracle linux 7
ibm powerkvm 3.1
oracle mysql *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_eus 7.6
ibm powerkvm 2.1
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.4
mariadb mariadb *
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
CVE-2016-5584 LOW

Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 0.7 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle mysql *
mariadb mariadb *
CVE-2016-5612 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
oracle mysql *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.3
CVE-2016-5624 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
oracle mysql *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.3
CVE-2016-5626 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
oracle mysql *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.7
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.3
CVE-2016-5629 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
oracle mysql *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 7.3
CVE-2016-5630 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
CVE-2016-6662 HIGH

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
redhat openstack 8
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.5
redhat openstack 6.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.3
redhat openstack 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server 6.0
redhat enterprise_linux_desktop 6.0
redhat openstack 9
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux 7.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_eus 7.6
redhat openstack 5.0
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.3
percona percona_server *
CVE-2016-6663 MEDIUM

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
oracle mysql *
percona xtradb_cluster *
oracle mysql 8.0
mariadb mariadb *
percona percona_server *
CVE-2016-6664 MEDIUM

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
oracle mysql *
percona xtradb_cluster *
mariadb mariadb *
percona percona_server *
CVE-2016-7440 LOW

The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle mysql *
wolfssl wolfssl *
mariadb mariadb *
CVE-2016-8283 MEDIUM

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
mariadb mariadb *
CVE-2016-9843 HIGH

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
zlib zlib *
redhat enterprise_linux_workstation 6.0
apple mac_os_x *
opensuse opensuse 13.2
redhat enterprise_linux_server 7.0
oracle jdk 1.6.0
canonical ubuntu_linux 18.04
netapp snapcenter -
opensuse leap 42.1
oracle jdk 1.8.0
oracle jre 1.7.0
netapp oncommand_insight -
oracle jdk 1.7.0
oracle database_server 18c
netapp oncommand_workflow_automation -
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
apple iphone_os *
redhat satellite 5.8
redhat enterprise_linux_server 6.0
oracle jre 1.6.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
oracle jre 1.8.0
opensuse leap 42.2
debian debian_linux 8.0
nodejs node.js *
oracle mysql *
redhat enterprise_linux_desktop 7.0
apple watchos *
mariadb mariadb *
redhat enterprise_linux_eus 7.5
apple tvos *
CVE-2017-10268 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 0.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
netapp oncommand_performance_manager -
redhat enterprise_linux_server_tus 7.6
netapp snapcenter -
netapp oncommand_balance -
debian debian_linux 8.0
oracle mysql *
netapp oncommand_insight -
redhat openstack 12
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
netapp oncommand_workflow_automation -
mariadb mariadb *
redhat enterprise_linux_eus 7.7
netapp active_iq_unified_manager *
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
netapp oncommand_unified_manager *
CVE-2017-10286 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 0.7 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
netapp oncommand_performance_manager -
netapp snapcenter -
netapp oncommand_balance -
netapp oncommand_unified_manager *
CVE-2017-10320 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
netapp oncommand_performance_manager -
netapp snapcenter -
netapp oncommand_balance -
netapp oncommand_unified_manager *
CVE-2017-10365 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.8 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L 1.2 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
netapp oncommand_performance_manager -
netapp snapcenter -
netapp oncommand_balance -
netapp oncommand_unified_manager *
CVE-2017-10378 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
netapp oncommand_performance_manager -
redhat enterprise_linux_server_tus 7.6
netapp snapcenter -
netapp oncommand_balance -
debian debian_linux 8.0
oracle mysql *
netapp oncommand_insight -
redhat openstack 12
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
netapp oncommand_workflow_automation -
mariadb mariadb *
redhat enterprise_linux_eus 7.7
netapp active_iq_unified_manager *
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
netapp oncommand_unified_manager *
CVE-2017-10379 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
netapp oncommand_performance_manager -
redhat enterprise_linux_server_tus 7.6
netapp snapcenter -
netapp oncommand_balance -
debian debian_linux 8.0
oracle mysql *
netapp oncommand_insight -
redhat openstack 12
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
netapp oncommand_workflow_automation -
mariadb mariadb *
redhat enterprise_linux_eus 7.7
netapp active_iq_unified_manager *
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
netapp oncommand_unified_manager *
CVE-2017-10384 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
netapp oncommand_performance_manager -
redhat enterprise_linux_server_tus 7.6
netapp snapcenter -
netapp oncommand_balance -
debian debian_linux 8.0
oracle mysql *
netapp oncommand_insight -
redhat openstack 12
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
netapp oncommand_workflow_automation -
mariadb mariadb *
redhat enterprise_linux_eus 7.7
netapp active_iq_unified_manager *
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
netapp oncommand_unified_manager *
CVE-2017-15365 MEDIUM

sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
percona xtradb_cluster *
fedoraproject fedora 26
mariadb mariadb *
CVE-2017-15945 HIGH

The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
mysql mysql *
mariadb mariadb *
CVE-2017-16046 MEDIUM

`mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-506,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
mariadb mariadb 2.13.0
CVE-2017-3238 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
CVE-2017-3243 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 0.7 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
CVE-2017-3244 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
CVE-2017-3257 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle mysql *
mariadb mariadb *
CVE-2017-3258 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
CVE-2017-3265 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H 0.3 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
CVE-2017-3291 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H 0.3 5.9

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
CVE-2017-3302 MEDIUM

Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_workstation 7.0
mariadb mariadb *
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.4
CVE-2017-3308 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 3.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
CVE-2017-3309 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 3.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
CVE-2017-3312 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle mysql *
mariadb mariadb *
CVE-2017-3313 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.0 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 6.5
canonical ubuntu_linux 12.10
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 13.10
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server 5.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
mariadb mariadb *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
CVE-2017-3317 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.0 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H 0.3 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
CVE-2017-3318 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.0 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N 0.3 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
CVE-2017-3453 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
CVE-2017-3456 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
CVE-2017-3464 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.4
mariadb mariadb *
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.4
CVE-2017-3600 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.4
mariadb mariadb *
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.4
CVE-2017-3636 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_eus 7.6
redhat openstack 12
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_server_aus 7.6
CVE-2017-3641 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_eus 7.6
redhat openstack 12
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_server_aus 7.6
CVE-2017-3651 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat openstack 12
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_aus 7.4
CVE-2017-3653 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_tus 7.6
debian debian_linux 8.0
oracle mysql *
redhat openstack 12
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
CVE-2018-25032 MEDIUM

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
zlib zlib *
siemens scalance_sc622-2c_firmware *
siemens scalance_sc646-2c_firmware *
apple mac_os_x *
netapp h700s_firmware -
netapp h500s_firmware -
azul zulu 7.52
azul zulu 8.60
netapp h410s_firmware -
azul zulu 13.46
fedoraproject fedora 34
netapp hci_compute_node -
netapp oncommand_workflow_automation -
netapp e-series_santricity_os_controller *
fedoraproject fedora 36
netapp active_iq_unified_manager -
python python *
debian debian_linux 9.0
apple macos *
siemens scalance_sc642-2c_firmware *
debian debian_linux 10.0
netapp management_services_for_element_software -
netapp ontap_select_deploy_administration_utility -
siemens scalance_sc626-2c_firmware *
azul zulu 11.54
siemens scalance_sc632-2c_firmware *
azul zulu 17.32
netapp h300s_firmware -
debian debian_linux 11.0
azul zulu 6.45
nokogiri nokogiri *
goto gotoassist *
azul zulu 15.38
mariadb mariadb *
netapp h410c_firmware -
apple mac_os_x 10.15.7
fedoraproject fedora 35
siemens scalance_sc636-2c_firmware *
CVE-2018-2562 HIGH

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 2.8 4.2

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
debian debian_linux 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_tus 7.6
netapp snapcenter -
debian debian_linux 8.0
oracle mysql *
netapp oncommand_insight -
redhat openstack 12
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
netapp oncommand_workflow_automation -
mariadb mariadb *
redhat enterprise_linux_eus 7.7
netapp active_iq_unified_manager *
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
canonical ubuntu_linux 12.04
CVE-2018-2612 HIGH

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle mysql *
debian debian_linux 9.0
canonical ubuntu_linux 14.04
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
netapp snapcenter -
canonical ubuntu_linux 17.10
CVE-2018-2622 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
netapp snapcenter -
canonical ubuntu_linux 17.10
canonical ubuntu_linux 14.04
netapp oncommand_insight -
redhat openstack 12
netapp oncommand_workflow_automation -
redhat enterprise_linux_eus 7.7
netapp active_iq_unified_manager *
redhat enterprise_linux_server_aus 7.6
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
canonical ubuntu_linux 12.04
CVE-2018-2640 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
netapp snapcenter -
canonical ubuntu_linux 17.10
canonical ubuntu_linux 14.04
netapp oncommand_insight -
redhat openstack 12
netapp oncommand_workflow_automation -
redhat enterprise_linux_eus 7.7
netapp active_iq_unified_manager *
redhat enterprise_linux_server_aus 7.6
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
canonical ubuntu_linux 12.04
CVE-2018-2665 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
netapp snapcenter -
canonical ubuntu_linux 17.10
canonical ubuntu_linux 14.04
netapp oncommand_insight -
redhat openstack 12
netapp oncommand_workflow_automation -
redhat enterprise_linux_eus 7.7
netapp active_iq_unified_manager *
redhat enterprise_linux_server_aus 7.6
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
canonical ubuntu_linux 12.04
CVE-2018-2668 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
netapp snapcenter -
canonical ubuntu_linux 17.10
canonical ubuntu_linux 14.04
netapp oncommand_insight -
redhat openstack 12
netapp oncommand_workflow_automation -
redhat enterprise_linux_eus 7.7
netapp active_iq_unified_manager *
redhat enterprise_linux_server_aus 7.6
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
canonical ubuntu_linux 12.04
CVE-2018-2755 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.0 6.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
canonical ubuntu_linux 18.04
netapp snapcenter -
canonical ubuntu_linux 17.10
canonical ubuntu_linux 14.04
netapp oncommand_insight -
redhat openstack 12
netapp oncommand_workflow_automation -
redhat enterprise_linux_eus 7.7
netapp active_iq_unified_manager *
redhat enterprise_linux_server_aus 7.6
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
canonical ubuntu_linux 12.04
CVE-2018-2759 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
netapp snapcenter -
canonical ubuntu_linux 17.10
CVE-2018-2761 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
canonical ubuntu_linux 18.04
netapp snapcenter -
canonical ubuntu_linux 17.10
canonical ubuntu_linux 14.04
netapp oncommand_insight -
redhat openstack 12
netapp oncommand_workflow_automation -
redhat enterprise_linux_eus 7.7
netapp active_iq_unified_manager *
redhat enterprise_linux_server_aus 7.6
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
canonical ubuntu_linux 12.04
CVE-2018-2766 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle mysql *
debian debian_linux 9.0
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 18.04
netapp snapcenter -
CVE-2018-2767 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_tus 7.6
canonical ubuntu_linux 18.04
netapp snapcenter -
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
redhat openstack 12
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
netapp oncommand_workflow_automation -
mariadb mariadb *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.5
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
CVE-2018-2771 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
canonical ubuntu_linux 18.04
netapp snapcenter -
canonical ubuntu_linux 17.10
canonical ubuntu_linux 14.04
netapp oncommand_insight -
redhat openstack 12
netapp oncommand_workflow_automation -
redhat enterprise_linux_eus 7.7
netapp active_iq_unified_manager *
redhat enterprise_linux_server_aus 7.6
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
canonical ubuntu_linux 12.04
CVE-2018-2777 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
netapp snapcenter -
canonical ubuntu_linux 17.10
CVE-2018-2781 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
canonical ubuntu_linux 18.04
netapp snapcenter -
canonical ubuntu_linux 17.10
canonical ubuntu_linux 14.04
netapp oncommand_insight -
redhat openstack 12
netapp oncommand_workflow_automation -
redhat enterprise_linux_eus 7.7
netapp active_iq_unified_manager *
redhat enterprise_linux_server_aus 7.6
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
canonical ubuntu_linux 12.04
CVE-2018-2782 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
canonical ubuntu_linux 18.04
netapp snapcenter -
canonical ubuntu_linux 17.10
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
CVE-2018-2784 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
canonical ubuntu_linux 18.04
netapp snapcenter -
canonical ubuntu_linux 17.10
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
CVE-2018-2786 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 1.2 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
canonical ubuntu_linux 14.04
mariadb mariadb *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
CVE-2018-2787 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 1.2 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
canonical ubuntu_linux 14.04
mariadb mariadb *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
CVE-2018-2810 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
canonical ubuntu_linux 18.10
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
netapp snapcenter -
CVE-2018-2813 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 7.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_tus 7.6
canonical ubuntu_linux 18.04
netapp storage_automation_store -
netapp snapcenter -
canonical ubuntu_linux 17.10
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_eus 7.6
canonical ubuntu_linux 14.04
netapp oncommand_insight -
redhat openstack 12
redhat enterprise_linux_desktop 7.0
netapp oncommand_workflow_automation -
mariadb mariadb *
redhat enterprise_linux_server_aus 7.6
canonical ubuntu_linux 16.04
netapp oncommand_unified_manager *
canonical ubuntu_linux 12.04
CVE-2018-2817 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
canonical ubuntu_linux 18.04
netapp snapcenter -
canonical ubuntu_linux 17.10
canonical ubuntu_linux 14.04
netapp oncommand_insight -
redhat openstack 12
netapp oncommand_workflow_automation -
redhat enterprise_linux_eus 7.7
netapp active_iq_unified_manager *
redhat enterprise_linux_server_aus 7.6
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
canonical ubuntu_linux 12.04
CVE-2018-2819 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
canonical ubuntu_linux 18.04
netapp snapcenter -
canonical ubuntu_linux 17.10
canonical ubuntu_linux 14.04
netapp oncommand_insight -
redhat openstack 12
netapp oncommand_workflow_automation -
redhat enterprise_linux_eus 7.7
netapp active_iq_unified_manager *
redhat enterprise_linux_server_aus 7.6
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 7.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
oracle mysql *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_desktop 7.0
mariadb mariadb *
redhat enterprise_linux_eus 7.5
canonical ubuntu_linux 12.04
CVE-2018-3058 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 18.04
netapp storage_automation_store -
netapp snapcenter -
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
redhat enterprise_linux_desktop 7.0
netapp oncommand_workflow_automation -
mariadb mariadb *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
CVE-2018-3060 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
netapp storage_automation_store -
netapp snapcenter -
CVE-2018-3063 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle mysql *
debian debian_linux 9.0
canonical ubuntu_linux 14.04
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
netapp snapcenter -
canonical ubuntu_linux 12.04
CVE-2018-3064 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
oracle mysql *
debian debian_linux 9.0
canonical ubuntu_linux 14.04
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
netapp storage_automation_store -
netapp snapcenter -
CVE-2018-3066 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N 0.7 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 18.04
netapp storage_automation_store -
netapp snapcenter -
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
redhat enterprise_linux_desktop 7.0
netapp oncommand_workflow_automation -
mariadb mariadb *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
CVE-2018-3081 MEDIUM

Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H 0.7 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 18.04
netapp storage_automation_store -
netapp snapcenter -
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
redhat enterprise_linux_desktop 7.0
netapp oncommand_workflow_automation -
mariadb mariadb *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
CVE-2018-3133 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
netapp snapcenter -
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
canonical ubuntu_linux 18.10
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
netapp oncommand_unified_manager *
canonical ubuntu_linux 12.04
CVE-2018-3143 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
canonical ubuntu_linux 18.04
netapp storage_automation_store -
netapp snapcenter -
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
canonical ubuntu_linux 18.10
netapp oncommand_workflow_automation -
mariadb mariadb *
canonical ubuntu_linux 16.04
netapp oncommand_unified_manager *
CVE-2018-3156 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
canonical ubuntu_linux 18.04
netapp storage_automation_store -
netapp snapcenter -
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
canonical ubuntu_linux 18.10
netapp oncommand_workflow_automation -
mariadb mariadb *
canonical ubuntu_linux 16.04
netapp oncommand_unified_manager *
CVE-2018-3162 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
canonical ubuntu_linux 18.10
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
netapp snapcenter -
CVE-2018-3173 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
canonical ubuntu_linux 18.10
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
netapp snapcenter -
CVE-2018-3174 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
canonical ubuntu_linux 18.04
netapp snapcenter -
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
canonical ubuntu_linux 18.10
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
CVE-2018-3185 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 1.2 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
canonical ubuntu_linux 18.10
netapp oncommand_workflow_automation -
mariadb mariadb *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
netapp storage_automation_store -
netapp snapcenter -
netapp oncommand_unified_manager *
CVE-2018-3200 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
canonical ubuntu_linux 18.10
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
netapp snapcenter -
CVE-2018-3251 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
canonical ubuntu_linux 18.04
netapp storage_automation_store -
netapp snapcenter -
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
canonical ubuntu_linux 18.10
netapp oncommand_workflow_automation -
mariadb mariadb *
canonical ubuntu_linux 16.04
netapp oncommand_unified_manager *
CVE-2018-3277 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
canonical ubuntu_linux 18.10
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
netapp snapcenter -
CVE-2018-3282 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 18.04
netapp snapcenter -
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
canonical ubuntu_linux 18.10
redhat enterprise_linux_desktop 7.0
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
CVE-2018-3284 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
canonical ubuntu_linux 14.04
netapp oncommand_insight -
canonical ubuntu_linux 18.10
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
netapp snapcenter -
CVE-2019-2455 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 8.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_workstation 8.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_eus 8.2
canonical ubuntu_linux 18.04
netapp snapcenter -
redhat enterprise_linux_eus 8.4
oracle mysql *
netapp oncommand_insight -
canonical ubuntu_linux 18.10
redhat enterprise_linux_server_tus 8.4
netapp oncommand_workflow_automation -
redhat enterprise_linux_eus 8.1
mariadb mariadb *
netapp active_iq_unified_manager *
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server 8.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 8.2
CVE-2019-2481 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux 8.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_eus 8.2
canonical ubuntu_linux 18.04
netapp snapcenter -
redhat enterprise_linux_eus 8.4
oracle mysql *
netapp oncommand_insight -
canonical ubuntu_linux 18.10
redhat enterprise_linux_server_tus 8.4
netapp oncommand_workflow_automation -
redhat enterprise_linux_eus 8.1
mariadb mariadb *
redhat enterprise_linux_server_tus 8.6
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 8.2
netapp oncommand_unified_manager *
CVE-2019-2503 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H 1.2 5.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 18.04
netapp snapcenter -
netapp oncommand_insight -
redhat enterprise_linux_server_tus 8.4
netapp oncommand_workflow_automation -
netapp active_iq_unified_manager *
redhat enterprise_linux_server 8.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_desktop 8.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_workstation 8.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_eus 8.4
oracle mysql *
canonical ubuntu_linux 18.10
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 8.1
mariadb mariadb *
redhat enterprise_linux_server_tus 8.6
CVE-2019-2510 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux 8.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_eus 8.2
canonical ubuntu_linux 18.04
netapp snapcenter -
redhat enterprise_linux_eus 8.4
oracle mysql *
netapp oncommand_insight -
canonical ubuntu_linux 18.10
redhat enterprise_linux_server_tus 8.4
netapp oncommand_workflow_automation -
redhat enterprise_linux_eus 8.1
mariadb mariadb *
netapp active_iq_unified_manager *
redhat enterprise_linux_server_tus 8.6
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 8.2
CVE-2019-2529 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 18.04
netapp storage_automation_store -
netapp snapcenter -
redhat enterprise_linux_server_tus 8.4
netapp oncommand_workflow_automation -
redhat enterprise_linux_server 8.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 8.2
netapp oncommand_unified_manager *
redhat enterprise_linux 8.0
redhat enterprise_linux_desktop 8.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_workstation 8.0
redhat enterprise_linux 7.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_eus 8.4
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 18.10
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 8.1
mariadb mariadb *
redhat enterprise_linux_server_tus 8.6
CVE-2019-2537 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux 8.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_eus 8.2
canonical ubuntu_linux 18.04
netapp storage_automation_store -
netapp snapcenter -
redhat enterprise_linux_eus 8.4
debian debian_linux 8.0
oracle mysql *
canonical ubuntu_linux 18.10
redhat enterprise_linux_server_tus 8.4
netapp oncommand_workflow_automation -
mariadb mariadb *
redhat enterprise_linux_server_tus 8.6
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 8.2
netapp oncommand_unified_manager *
CVE-2019-2614 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 18.04
fedoraproject fedora 30
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server 8.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_desktop 8.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_eus 8.4
oracle mysql *
opensuse leap 15.0
canonical ubuntu_linux 18.10
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 8.1
mariadb mariadb *
fedoraproject fedora 29
redhat enterprise_linux_server_tus 8.6
opensuse leap 15.1
CVE-2019-2627 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_eus 8.2
canonical ubuntu_linux 18.04
redhat enterprise_linux_eus 8.4
oracle mysql *
opensuse leap 15.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.10
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 8.1
mariadb mariadb *
redhat enterprise_linux_server_tus 8.6
canonical ubuntu_linux 16.04
opensuse leap 15.1
redhat enterprise_linux_server_tus 8.2
CVE-2019-2628 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
redhat enterprise_linux 8.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_eus 8.2
canonical ubuntu_linux 18.04
redhat enterprise_linux_eus 8.4
oracle mysql *
opensuse leap 15.0
canonical ubuntu_linux 18.10
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_eus 8.1
mariadb mariadb *
redhat enterprise_linux_server_tus 8.6
canonical ubuntu_linux 16.04
opensuse leap 15.1
redhat enterprise_linux_server_tus 8.2
CVE-2019-2737 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
fedoraproject fedora 30
oracle mysql *
mariadb mariadb *
fedoraproject fedora 29
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
opensuse leap 15.1
CVE-2019-2739 LOW

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 0.8 4.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_eus 8.2
canonical ubuntu_linux 18.04
redhat enterprise_linux_eus 8.4
fedoraproject fedora 30
oracle mysql *
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_eus 8.1
mariadb mariadb *
fedoraproject fedora 29
redhat enterprise_linux_server_tus 8.6
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 8.2
CVE-2019-2740 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
redhat enterprise_linux_desktop 8.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_workstation 8.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_eus 8.2
canonical ubuntu_linux 18.04
redhat enterprise_linux_eus 8.4
fedoraproject fedora 30
oracle mysql *
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_eus 8.1
mariadb mariadb *
fedoraproject fedora 29
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server 8.0
canonical ubuntu_linux 16.04
opensuse leap 15.1
redhat enterprise_linux_server_tus 8.2
CVE-2019-2758 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 1.2 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
oracle mysql *
mariadb mariadb *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
CVE-2019-2805 MEDIUM

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
redhat enterprise_linux_desktop 8.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_workstation 8.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_eus 8.2
canonical ubuntu_linux 18.04
redhat enterprise_linux_eus 8.4
fedoraproject fedora 30
oracle mysql *
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_eus 8.1
mariadb mariadb *
fedoraproject fedora 29
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server 8.0
canonical ubuntu_linux 16.04
opensuse leap 15.1
redhat enterprise_linux_server_tus 8.2
CVE-2019-2938 LOW

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 31
canonical ubuntu_linux 19.04
netapp active_iq_unified_manager -
canonical ubuntu_linux 18.04
netapp snapcenter -
fedoraproject fedora 30
oracle mysql *
netapp oncommand_insight -
canonical ubuntu_linux 19.10
netapp oncommand_workflow_automation -
mariadb mariadb *
fedoraproject fedora 29
canonical ubuntu_linux 16.04
opensuse leap 15.1
CVE-2019-2974 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 31
canonical ubuntu_linux 19.04
fedoraproject fedora 30
oracle mysql *
canonical ubuntu_linux 19.10
mariadb mariadb *
fedoraproject fedora 29
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
opensuse leap 15.1
CVE-2020-13249 MEDIUM

libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 31
mariadb connector/c *
fedoraproject fedora 32
opensuse leap 15.1
CVE-2020-14550 LOW

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.6 3.6
secalert_us@oracle.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 31
netapp active_iq_unified_manager -
oracle mysql *
fedoraproject fedora 32
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
fedoraproject fedora 33
CVE-2020-14765 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 31
oracle mysql *
debian debian_linux 9.0
fedoraproject fedora 32
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
netapp snapcenter -
fedoraproject fedora 33
CVE-2020-14776 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 31
oracle mysql *
fedoraproject fedora 32
netapp oncommand_insight -
mariadb mariadb *
netapp snapcenter -
fedoraproject fedora 33
CVE-2020-14789 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 31
oracle mysql *
fedoraproject fedora 32
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
netapp snapcenter_server -
fedoraproject fedora 33
CVE-2020-14812 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 31
oracle mysql *
debian debian_linux 9.0
fedoraproject fedora 32
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
netapp snapcenter -
fedoraproject fedora 33
CVE-2020-15180 MEDIUM

A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-77,

Products Affected

Vendor Product Version
debian debian_linux 9.0
galeracluster galera_cluster_for_mysql *
percona xtradb_cluster *
debian debian_linux 10.0
mariadb mariadb *
CVE-2020-2574 MEDIUM

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
oracle mysql *
netapp oncommand_insight -
canonical ubuntu_linux 19.10
netapp oncommand_workflow_automation -
mariadb mariadb *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
opensuse leap 15.1
netapp snapcenter -
CVE-2020-2752 LOW

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 31
oracle mysql *
fedoraproject fedora 32
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
opensuse leap 15.1
netapp snapcenter -
CVE-2020-2760 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 1.2 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 31
canonical ubuntu_linux 18.04
netapp snapcenter -
fedoraproject fedora 30
oracle mysql *
fedoraproject fedora 32
netapp oncommand_insight -
canonical ubuntu_linux 19.10
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
opensuse leap 15.1
canonical ubuntu_linux 20.04
CVE-2020-2780 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 31
canonical ubuntu_linux 18.04
netapp snapcenter -
fedoraproject fedora 30
oracle mysql *
fedoraproject fedora 32
netapp oncommand_insight -
canonical ubuntu_linux 19.10
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 20.04
CVE-2020-2812 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 31
debian debian_linux 9.0
debian debian_linux 10.0
canonical ubuntu_linux 18.04
netapp snapcenter -
debian debian_linux 8.0
fedoraproject fedora 30
oracle mysql *
fedoraproject fedora 32
netapp oncommand_insight -
canonical ubuntu_linux 19.10
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
opensuse leap 15.1
CVE-2020-2814 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 31
debian debian_linux 9.0
debian debian_linux 10.0
netapp snapcenter -
debian debian_linux 8.0
fedoraproject fedora 30
oracle mysql *
fedoraproject fedora 32
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
opensuse leap 15.1
CVE-2020-28912 MEDIUM

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. This affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 10.3.x before 10.3.26, 10.4.x before 10.4.16, and 10.5.x before 10.5.7. NOTE: this issue exists because certain details of the MariaDB CVE-2019-2503 fix did not comprehensively address attack variants against MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912 does NOT apply to other vendors that were originally affected by CVE-2019-2503.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2020-2922 MEDIUM

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
netapp oncommand_insight -
canonical ubuntu_linux 19.10
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp active_iq_unified_manager *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
netapp snapcenter -
canonical ubuntu_linux 20.04
CVE-2020-7221 HIGH

mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2021-2007 MEDIUM

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
oracle mysql *
fedoraproject fedora 32
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
fedoraproject fedora 33
CVE-2021-2011 HIGH

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
oracle mysql *
fedoraproject fedora 32
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
fedoraproject fedora 33
CVE-2021-2022 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 0.7 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
fedoraproject fedora 32
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp snapcenter -
fedoraproject fedora 33
CVE-2021-2032 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql *
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp snapcenter -
CVE-2021-2144 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
oracle mysql *
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp snapcenter -
CVE-2021-2154 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
oracle mysql *
fedoraproject fedora 32
netapp oncommand_insight -
fedoraproject fedora 34
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp snapcenter -
fedoraproject fedora 33
CVE-2021-2166 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
oracle mysql *
fedoraproject fedora 32
netapp oncommand_insight -
fedoraproject fedora 34
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp snapcenter -
fedoraproject fedora 33
CVE-2021-2174 LOW

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
oracle mysql *
fedoraproject fedora 32
netapp oncommand_insight -
fedoraproject fedora 34
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp snapcenter -
fedoraproject fedora 33
CVE-2021-2180 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
oracle mysql *
fedoraproject fedora 32
netapp oncommand_insight -
fedoraproject fedora 34
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp snapcenter -
fedoraproject fedora 33
CVE-2021-2194 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
oracle mysql *
fedoraproject fedora 32
netapp oncommand_insight -
fedoraproject fedora 34
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp snapcenter -
fedoraproject fedora 33
CVE-2021-2372 LOW

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql_server *
netapp active_iq_unified_manager -
netapp oncommand_insight -
fedoraproject fedora 34
netapp oncommand_workflow_automation -
mariadb mariadb *
fedoraproject fedora 35
netapp snapcenter -
fedoraproject fedora 33
CVE-2021-2389 HIGH

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql_server *
netapp active_iq_unified_manager -
netapp oncommand_insight -
fedoraproject fedora 34
netapp oncommand_workflow_automation -
mariadb mariadb *
fedoraproject fedora 35
netapp snapcenter -
CVE-2021-27928 HIGH

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
debian debian_linux 9.0
galeracluster wsrep *
mariadb mariadb *
percona percona_server *
CVE-2021-35604 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 1.2 4.2
secalert_us@oracle.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 1.2 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle mysql_server *
netapp oncommand_insight -
fedoraproject fedora 34
mariadb mariadb *
fedoraproject fedora 35
netapp snapcenter -
fedoraproject fedora 33
CVE-2021-46657 LOW

get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2021-46658 LOW

save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2021-46659 LOW

MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 34
mariadb mariadb *
fedoraproject fedora 35
CVE-2021-46661 LOW

MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 34
mariadb mariadb *
fedoraproject fedora 35
CVE-2021-46662 LOW

MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2021-46663 LOW

MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 34
mariadb mariadb *
fedoraproject fedora 35
CVE-2021-46664 LOW

MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 34
mariadb mariadb *
fedoraproject fedora 35
CVE-2021-46665 LOW

MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 34
mariadb mariadb *
fedoraproject fedora 35
CVE-2021-46666 LOW

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-617,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2021-46667 LOW

MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-190,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 34
mariadb mariadb *
fedoraproject fedora 35
CVE-2021-46668 LOW

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-400,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 34
mariadb mariadb *
fedoraproject fedora 35
CVE-2021-46669 MEDIUM

MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 36
debian debian_linux 10.0
mariadb mariadb *
fedoraproject fedora 35
CVE-2022-0778 MEDIUM

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
fedoraproject fedora 36
debian debian_linux 9.0
netapp clustered_data_ontap -
netapp 500f_firmware -
debian debian_linux 10.0
netapp cloud_volumes_ontap_mediator -
nodejs node.js *
debian debian_linux 11.0
fedoraproject fedora 34
netapp storagegrid -
netapp a250_firmware -
tenable nessus *
mariadb mariadb *
netapp santricity_smi-s_provider -
openssl openssl *
netapp clustered_data_ontap_antivirus_connector -
CVE-2022-21427 MEDIUM

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
oracle mysql *
netapp oncommand_insight -
debian debian_linux 10.0
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp snapcenter -
CVE-2022-21451 LOW

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 0.7 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
oracle mysql *
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
netapp snapcenter -
CVE-2022-21595

Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 0.7 3.6

Products Affected

Vendor Product Version
oracle mysql *
netapp oncommand_insight -
netapp oncommand_workflow_automation -
mariadb mariadb *
CVE-2022-24048 MEDIUM

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 34
mariadb mariadb *
fedoraproject fedora 35
mariadb mariadb 10.8.0
CVE-2022-24050 MEDIUM

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 34
mariadb mariadb *
fedoraproject fedora 35
mariadb mariadb 10.8.0
CVE-2022-24051 MEDIUM

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 34
mariadb mariadb *
fedoraproject fedora 35
mariadb mariadb 10.8.0
CVE-2022-24052 MEDIUM

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 34
mariadb mariadb *
fedoraproject fedora 35
mariadb mariadb 10.8.0
CVE-2022-27376 MEDIUM

MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-27377 MEDIUM

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-27378 MEDIUM

An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb 10.9
mariadb mariadb *
CVE-2022-27379 MEDIUM

An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-27380 MEDIUM

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-27381 MEDIUM

An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-27382 MEDIUM

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2022-27383 MEDIUM

MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-27384 MEDIUM

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-27385 MEDIUM

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2022-27386 MEDIUM

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-27387 MEDIUM

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-27444 MEDIUM

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2022-27445 MEDIUM

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-27446 MEDIUM

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2022-27447 MEDIUM

MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-27448 MEDIUM

There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-27449 MEDIUM

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-27451 MEDIUM

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2022-27452 MEDIUM

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-27455 MEDIUM

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2022-27456 MEDIUM

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-27457 MEDIUM

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2022-31621 LOW

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-667,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2022-31622 LOW

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-667,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2022-31623 LOW

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-667,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2022-31624 LOW

MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-667,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2022-32081 HIGH

MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 37
mariadb mariadb *
fedoraproject fedora 35
CVE-2022-32082 MEDIUM

MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 37
mariadb mariadb *
fedoraproject fedora 35
CVE-2022-32083 MEDIUM

MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-32084 MEDIUM

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 37
debian debian_linux 10.0
mariadb mariadb *
fedoraproject fedora 35
CVE-2022-32085 MEDIUM

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-32086 MEDIUM

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2022-32087 MEDIUM

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-32088 MEDIUM

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 10.0
mariadb mariadb *
CVE-2022-32089 MEDIUM

MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 37
mariadb mariadb *
fedoraproject fedora 35
CVE-2022-32091 MEDIUM

MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 37
debian debian_linux 10.0
mariadb mariadb *
fedoraproject fedora 35
CVE-2022-38791

In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.

Products Affected

Vendor Product Version
fedoraproject fedora 36
mariadb mariadb 10.9.1
fedoraproject fedora 37
mariadb mariadb *
fedoraproject fedora 35
CVE-2022-47015

MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
mariadb mariadb *
CVE-2023-22084

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert_us@oracle.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
oracle mysql *
netapp oncommand_insight -
fedoraproject fedora 37
fedoraproject fedora 38
mariadb mariadb *
oracle mysql 8.1.0
fedoraproject fedora 39
CVE-2023-26785

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

Products Affected

Vendor Product Version
mariadb mariadb 10.5.0
CVE-2023-39593

Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

Products Affected

Vendor Product Version
mariadb mariadb 10.5.0
CVE-2023-40354

An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08.8, and 23.02.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
mariadb maxscale *
CVE-2023-5157

A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 9.2
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat enterprise_linux_eus 8.8
redhat enterprise_linux 9.0
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_for_ibm_z_systems_eus 8.6_s390x
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_for_ibm_z_systems 9.2_s390x
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
redhat enterprise_linux_eus 9.2
redhat enterprise_linux 8.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
redhat enterprise_linux_for_arm_64 8.0_aarch64
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_eus 9.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.8_s390x
redhat enterprise_linux_for_power_little_endian_eus 8.8_ppc64le
redhat enterprise_linux_server_tus 8.8
redhat enterprise_linux_for_arm_64_eus 8.8_aarch64
fedoraproject fedora 38
redhat enterprise_linux_for_ibm_z_systems_eus 9.2_s390x
mariadb mariadb *
redhat enterprise_linux_server_tus 8.6
CVE-2024-27766

An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 0.9 4.7

Products Affected

Vendor Product Version
mariadb mariadb 11.1.0
CVE-2025-56404

An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
mariadb model_context_protocol 0.1.0
CVE-2026-32710

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 8.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.8 6.0

Products Affected

Vendor Product Version
mariadb mariadb *
mariadb mariadb 12.1.2
CVE-2026-3494

In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ff89ba41-3aa1-4d27-914a-91399e9639e5 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
amazon aurora_mysql *
amazon relational_database_service *
mariadb mariadb *
amazon aurora_mysql 3.11.0