CVSS: 7.8EPSS: 47%CPEs: 12EXPL: 4CVE-2016-6664 – MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' System User Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-6664
02 Nov 2016 — mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files. mysqld_safe en Oracle MySQL hasta la versión 5.5.5... • https://packetstorm.news/files/id/139491 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.0EPSS: 2%CPEs: 13EXPL: 4CVE-2016-6663 – MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition
https://notcve.org/view.php?id=CVE-2016-6663
31 Oct 2016 — Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.... • https://packetstorm.news/files/id/139476 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-8283 – mysql: unspecified vulnerability in subcomponent: Server: Types (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-8283
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores, 5.6.32 y versiones anteriores y 5.7.14 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con Server: Types. MariaDB is a multi-user, multi-threaded SQL database ... • http://rhn.redhat.com/errata/RHSA-2016-2130.html •
CVSS: 1.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8284 – mysql: unspecified vulnerability in subcomponent: Server: Replication (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-8284
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication. Vulnerabilidad no especificada en Oracle MySQL 5.6.31 y versiones anteriores y 5.7.13 y versiones anteriores permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con Server: Replication. Multiple vulnerabilities have been found in MariaDB and MySQL, the worst of which could lead to the remote execution of a... • http://rhn.redhat.com/errata/RHSA-2016-1601.html •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8286 – Gentoo Linux Security Advisory 201701-01
https://notcve.org/view.php?id=CVE-2016-8286
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges. Vulnerabilidad no especificada en Oracle MySQL 5.7.14 y versiones anteriores permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores relacionados con Server: Security: Privileges. Multiple vulnerabilities have been found in MariaDB and MySQL, the worst of which could lead to the remote execution of arbit... • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8287 – Gentoo Linux Security Advisory 201701-01
https://notcve.org/view.php?id=CVE-2016-8287
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. Vulnerabilidad no especificada en Oracle MySQL 5.7.13 y versiones anteriores permite a administradores remotos afectar la disponibilidad a través de vectores relacionados con Server: Replication. Multiple vulnerabilities have been found in MariaDB and MySQL, the worst of which could lead to the remote execution of arbitrary code. Versions less than 10.0... • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8288 – mysql: unspecified vulnerability in subcomponent: Server: InnoDB Plugin (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-8288
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. Vulnerabilidad no especificada en Oracle MySQL 5.6.30 y versiones anteriores y 5.7.12 y versiones anteriores permite a usuarios remotos autenticados afectar la integridad a través de vectores relacionados con Server: InnoDB Plugin. Multiple vulnerabilities have been found in MariaDB and MySQL, the worst of which could lead to ... • http://rhn.redhat.com/errata/RHSA-2016-1601.html • CWE-284: Improper Access Control •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8289 – Gentoo Linux Security Advisory 201701-01
https://notcve.org/view.php?id=CVE-2016-8289
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB. Vulnerabilidad no especificada en Oracle MySQL 5.7.13 y versiones anteriores permite a usuarios locales afectar la integridad y la disponibilidad a través de vectores relacionados con Server: InnoDB. Multiple vulnerabilities have been found in MariaDB and MySQL, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1... • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8290 – Gentoo Linux Security Advisory 201701-01
https://notcve.org/view.php?id=CVE-2016-8290
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-5633. Vulnerabilidad no especificada en Oracle MySQL 5.7.13 y versiones anteriores permite a administradores remotos afectar la disponibilidad a través de vectores relacionados con Server: Performance Schema, una vulnerabilidad diferente a CVE-2016-5633. Multiple vulnerabilities have been found in MariaDB a... • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5507 – mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-5507
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. Vulnerabilidad no especificada en Oracle MySQL 5.6.32 y versiones anteriores y 5.7.14 y versiones anteriores permite a administradores remotos afectar la disponibilidad a través de vectores relacionados con Server: InnoDB. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and man... • http://rhn.redhat.com/errata/RHSA-2016-2749.html •