CVE Daily
← All tags

Tag: MySQL

All CVEs associated with "MySQL". Page 14/20 • 2289 CVEs.

Subscribe CVEs: RSS for “MySQL”  ·  RSS (High+Critical only)

About “MySQL”

A curated feed of “MySQL”-related CVEs appears below. We currently track 2289 CVEs for this tag (all time). In the last 365 days, 184 were published. Average CVSS is 5.6 (all time; 6.4 over 365d), and 20% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-284 - Improper Access Control.

In our taxonomy this topic maps to a MODERATE impact class. Databases, proxies, and web servers often need coordinated restarts and config checks. Patch only modules you deploy, verify TLS and authentication, and tune limits. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2017-04-24
Medium

CVE-2017-3465

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerabili…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2017-3464

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2017-3463

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 an…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2017-3462

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 an…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2017-3461

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 an…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2017-3460

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allo…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2017-3459

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows h…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2017-3458

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high pr…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2017-3457

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high pr…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2017-3456

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2017-3455

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerabili…

CVSS: 5.4 CWE: N/A View on NVD
Medium

CVE-2017-3454

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2017-3453

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier.…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2017-3452

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily "exploitable" vulnerability allows l…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2017-3450

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2017-3331

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily "exploitable" vulnerability allows low priv…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2017-3329

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earl…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2017-3309

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier.…

CVSS: 7.7 CWE: N/A View on NVD
High

CVE-2017-3308

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily…

CVSS: 7.7 CWE: N/A View on NVD
Low

CVE-2017-3307

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3…

CVSS: 3.1 CWE: N/A View on NVD
High

CVE-2017-3306

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3…

CVSS: 8.3 CWE: N/A View on NVD
Medium

CVE-2017-3305

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vul…

CVSS: 5.3 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
Medium

CVE-2017-3304

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: DD). Supported versions that are affected are 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5…

CVSS: 5.4 CWE: N/A View on NVD
2017-04-13
Critical

CVE-2016-2555

SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2017-02-17
Medium

CVE-2016-1249

The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned n…

CVSS: 5.9 CWE: CWE-125 - Out-of-bounds Read View on NVD
2017-02-12
High

CVE-2017-3302

Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
2017-01-27
Low

CVE-2017-3323

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier.…

CVSS: 3.7 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2017-3322

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier, 7.4.12 and earlier and .…

CVSS: 3.7 CWE: N/A View on NVD
Low

CVE-2017-3321

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier. Di…

CVSS: 3.7 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2017-3320

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability…

CVSS: 2.4 CWE: N/A View on NVD
Low

CVE-2017-3319

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows lo…

CVSS: 3.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-3318

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earl…

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2017-3317

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult…

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2017-3313

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Dif…

CVSS: 4.7 CWE: N/A View on NVD
Medium

CVE-2017-3312

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier.…

CVSS: 6.7 CWE: N/A View on NVD
Medium

CVE-2017-3291

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier.…

CVSS: 6.3 CWE: N/A View on NVD
Medium

CVE-2017-3273

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnera…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2017-3265

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier.…

CVSS: 5.6 CWE: N/A View on NVD
Medium

CVE-2017-3258

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2017-3257

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerabi…

CVSS: 6.5 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2017-3256

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows l…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2017-3251

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows hig…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2017-3244

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2017-3243

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows hi…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2017-3238

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier.…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2016-8327

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to explo…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2016-8318

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily ex…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2016-5590

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent). Supported versions that are affected are 3.1.3.7856 and earlier. Easily exploitable vulnerab…

CVSS: 7.2 CWE: N/A View on NVD
Medium

CVE-2016-5541

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. D…

CVSS: 4.8 CWE: N/A View on NVD
2017-01-23
High

CVE-2016-4338

The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, all…

CVSS: 8.1 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2016-12-13
High

CVE-2016-6664

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percon…

CVSS: 7.0 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2016-6663

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server b…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2016-12-11
High

CVE-2016-9864

An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the contro…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2016-6607

XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2016-11-29
High

CVE-2016-1251

There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare…

CVSS: 8.1 CWE: CWE-416 - Use After Free View on NVD
2016-10-28
Critical

CVE-2016-8582

A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2016-10-25
Medium

CVE-2016-8290

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2016-8289

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.

CVSS: 4.7 CWE: CWE-264 View on NVD
Low

CVE-2016-8288

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.

CVSS: 3.1 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2016-8287

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.

CVSS: 4.5 CWE: N/A View on NVD
Low

CVE-2016-8286

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.

CVSS: 3.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2016-8284

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.

CVSS: 1.8 CWE: N/A View on NVD
Medium

CVE-2016-8283

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2016-5635

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2016-5634

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2016-5633

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2016-5632

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2016-5631

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2016-5630

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2016-5629

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2016-5628

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2016-5627

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2016-5626

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2016-5625

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging.

CVSS: 7.0 CWE: N/A View on NVD
Medium

CVE-2016-5624

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2016-5612

Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2016-5609

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2016-5598

Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via v…

CVSS: 5.6 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2016-5584

Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2016-5507

Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2016-3495

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2016-3492

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimi…

CVSS: 6.5 CWE: N/A View on NVD
2016-10-06
High

CVE-2016-6653

The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cle…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2016-10-05
High

CVE-2016-1246

Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2016-09-24
Critical

CVE-2016-6531

Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor dispu…

CVSS: 9.8 CWE: CWE-255 View on NVD
2016-09-20
Critical

CVE-2016-6662

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x befo…

CVSS: 9.8 CWE: CWE-264 View on NVD
2016-09-17
High

CVE-2016-7412

ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of servi…

CVSS: 8.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2016-08-19
Critical

CVE-2015-8949

Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2014-9906

Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connectio…

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD
2016-07-21
Low

CVE-2016-5444

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote atta…

CVSS: 3.7 CWE: N/A View on NVD
Medium

CVE-2016-5443

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.

CVSS: 4.7 CWE: N/A View on NVD
Medium

CVE-2016-5442

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2016-5441

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2016-5440

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote admi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2016-5439

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2016-5437

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2016-5436

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2016-3615

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote auth…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2016-3614

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2016-3588

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.

CVSS: 5.9 CWE: N/A View on NVD
Medium

CVE-2016-3521

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote auth…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2016-3518

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2016-3501

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2016-3486

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2016-3477

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users…

CVSS: 8.1 CWE: N/A View on NVD
High

CVE-2016-3471

Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2016-3459

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via…

CVSS: 4.9 CWE: N/A View on NVD
Low

CVE-2016-3452

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote atta…

CVSS: 3.7 CWE: N/A View on NVD
High

CVE-2016-3440

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

CVSS: 7.7 CWE: N/A View on NVD
Medium

CVE-2016-3424

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.

CVSS: 4.9 CWE: N/A View on NVD
High

CVE-2016-0635

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component…

CVSS: 8.8 CWE: N/A View on NVD
2016-05-22
Medium

CVE-2015-8834

Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2016-05-16
Medium

CVE-2015-3152

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle atta…

CVSS: 5.9 CWE: CWE-295 - Improper Certificate Validation View on NVD
2016-04-21
High

CVE-2016-3461

Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and ava…

CVSS: 7.2 CWE: N/A View on NVD
Medium

CVE-2016-0668

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors r…

CVSS: 4.1 CWE: N/A View on NVD
Medium

CVE-2016-0667

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking.

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2016-0666

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2016-0665

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption.

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2016-0663

Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Performance Schema.

CVSS: 4.7 CWE: N/A View on NVD
Medium

CVE-2016-0662

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Partition.

CVSS: 5.5 CWE: N/A View on NVD