Vulnerabilities > Oracle > Mysql

DATE CVE VULNERABILITY TITLE RISK
2016-07-21 CVE-2016-3477 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.
local
high complexity
ibm oracle mariadb debian canonical
8.1
2016-07-21 CVE-2016-3471 Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.
local
high complexity
oracle redhat mariadb
7.5
2016-07-21 CVE-2016-3459 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.
network
low complexity
mariadb oracle
4.9
2016-07-21 CVE-2016-3452 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.
network
high complexity
redhat oracle mariadb ibm
3.7
2016-07-21 CVE-2016-3440 Unspecified vulnerability in Oracle Mysql
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
network
low complexity
oracle
7.7
2016-07-21 CVE-2016-3424 Unspecified vulnerability in Oracle Mysql
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.
network
low complexity
oracle
4.9
2016-05-16 CVE-2015-3152 Improper Certificate Validation vulnerability in multiple products
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
network
high complexity
oracle mariadb fedoraproject debian redhat php CWE-295
5.9
2016-05-05 CVE-2016-2105 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
7.5
2016-04-21 CVE-2016-0668 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.
local
high complexity
oracle mariadb debian suse opensuse canonical
4.1
2016-04-21 CVE-2016-0667 Unspecified vulnerability in Oracle Mysql
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking.
local
low complexity
oracle
4.4