CVE-2016-5441
https://notcve.org/view.php?id=CVE-2016-5441
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. Vulnerabilidad no especificada en Oracle MySQL 5.7.12 y versiones anteriores permite a administradores remotos afectar la disponibilidad a través de vectores relacionados con Server: Replication. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91915 http://www.securitytracker.com/id/1036362 http://www.ubuntu.com/usn/USN-3040-1 •
CVE-2016-5444 – mysql: unspecified vulnerability in subcomponent: Server: Connection (CPU July 2016)
https://notcve.org/view.php?id=CVE-2016-5444
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. Vulnerabilidad no especificada en Oracle MySQL 5.5.48 y versiones anteriores, 5.6.29 y versiones anteriores y 5.7.11 y versiones anteriores y MariaDB en versiones anteriores a 5.5.49, 10.0.x en versiones anteriores a 10.0.25 y 10.1.x en versiones anteriores a 10.1.14 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con Server: Connection. • http://rhn.redhat.com/errata/RHSA-2016-0705.html http://rhn.redhat.com/errata/RHSA-2016-1480.html http://rhn.redhat.com/errata/RHSA-2016-1481.html http://rhn.redhat.com/errata/RHSA-2016-1602.html http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid •
CVE-2016-3459 – mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU July 2016)
https://notcve.org/view.php?id=CVE-2016-3459
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB. Vulnerabilidad no especificada en Oracle MySQL 5.6.30 y versiones anteriores y 5.7.12 y versiones anteriores y MariaDB 10.0.x en versiones anteriores a 10.0.25 y 10.1.x en versiones anteriores a 10.1.14 permite a administradores remotos afectar la disponibilidad a través de vectores relacionados con Server: InnoDB. • http://rhn.redhat.com/errata/RHSA-2016-1601.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91943 http://www.securitytracker.com/id/1036362 http://www.ubuntu.com/usn/USN-3040-1 https://access.redhat.com/errata/RHSA-2016:1132 https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes https://access.redhat •
CVE-2016-5443
https://notcve.org/view.php?id=CVE-2016-5443
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection. Vulnerabilidad no especificada en Oracle MySQL 5.7.12 y versiones anteriores permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con Server: Connection. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91963 http://www.securitytracker.com/id/1036362 http://www.ubuntu.com/usn/USN-3040-1 •
CVE-2016-2105 – openssl: EVP_EncodeUpdate overflow
https://notcve.org/view.php?id=CVE-2016-2105
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. Desbordamiento de entero en la función EVP_EncodeUpdate en crypto/evp/encode.c en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria dinámica) a través de una gran cantidad de datos binarios. An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-05/ • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •