CVSS: 7.8EPSS: 6%CPEs: 12EXPL: 4CVE-2016-6664 – MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' System User Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-6664
02 Nov 2016 — mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files. mysqld_safe en Oracle MySQL hasta la versión 5.5.5... • https://packetstorm.news/files/id/139491 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 4CVE-2016-6663 – MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition
https://notcve.org/view.php?id=CVE-2016-6663
31 Oct 2016 — Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.... • https://packetstorm.news/files/id/139476 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 0%CPEs: 21EXPL: 0CVE-2016-3492 – mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-3492
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores, 5.6.32 y versiones anteriores y 5.7.14 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con Server: Optimizer. MariaDB is a multi-user, multi-threaded SQL d... • http://rhn.redhat.com/errata/RHSA-2016-2130.html •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-8283 – mysql: unspecified vulnerability in subcomponent: Server: Types (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-8283
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores, 5.6.32 y versiones anteriores y 5.7.14 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con Server: Types. MariaDB is a multi-user, multi-threaded SQL database ... • http://rhn.redhat.com/errata/RHSA-2016-2130.html •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0CVE-2016-5612 – mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-5612
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL 5.5.50 y versiones anteriores, 5.6.31 y versiones anteriores y 5.7.13 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DML. MariaDB is a multi-user, multi-threaded SQL database server. For all prac... • http://rhn.redhat.com/errata/RHSA-2016-1601.html •
CVSS: 4.9EPSS: 0%CPEs: 21EXPL: 0CVE-2016-5629 – mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-5629
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores, 5.6.32 y versiones anteriores, and 5.7.14 y versiones anteriores permite a administradores remotos afectar la disponibilidad a través de vectores relacionados con Server: Federated. MariaDB is a multi-user, multi-threaded SQL database ... • http://rhn.redhat.com/errata/RHSA-2016-2130.html •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2016-5626 – mysql: unspecified vulnerability in subcomponent: Server: GIS (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-5626
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores, 5.6.32 y versiones anteriores y 5.7.14 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con GIS. MariaDB is a multi-user, multi-threaded SQL database server. For all prac... • http://rhn.redhat.com/errata/RHSA-2016-2130.html •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2016-5624 – mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-5624
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DML. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a new... • http://rhn.redhat.com/errata/RHSA-2016-2130.html •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2016-5584 – Gentoo Linux Security Advisory 201701-01
https://notcve.org/view.php?id=CVE-2016-5584
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. Vulnerabilidad no especificada en Oracle MySQL 5.5.52 y versiones anteriores, 5.6.33 y versiones anteriores y 5.7.15 y versiones anteriores permite a administradores remotos afectar la confidencialidad a través de vectores relacionados con Server: Security: Encryption. Multiple security issues were... • http://www.debian.org/security/2016/dsa-3706 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-7440 – Slackware Security Advisory - mariadb Updates
https://notcve.org/view.php?id=CVE-2016-7440
25 Oct 2016 — The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. La implementación de software C de AES Encryption and Decryption en wolfSSL (anterioremtne CyaSSL) en versiones anteriores a 3.9.10 hace más fácil para usuarios locales descubrir las claves AES aprovechando las diferencias de tiempo de banco del cachè. Multiple security issues were discovered in MySQL and t... • http://www.debian.org/security/2016/dsa-3706 •