Oracle MySQL vulnerabilities
1,328 known vulnerabilities affecting oracle/mysql.
Total CVEs: 1,328
CISA KEV: 0
Public exploits: 50
Exploited in wild: 0
Severity breakdown
CRITICAL: 12, HIGH: 71, MEDIUM: 1064, LOW: 181
Vulnerabilities
CVE-2017-3644 | MEDIUM | CVSS 4.9 | ≤ 5.7.18 | 2017-08-08
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability
nvd
CVE-2017-3651 | MEDIUM | CVSS 4.3 | ≥ 5.5.0, ≤ 5.5.56; ≥ 5.6.0, ≤ 5.6.36; +1 more | 2017-08-08
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this v
nvd
CVE-2017-3638 | MEDIUM | CVSS 4.9 | ≤ 5.7.18 | 2017-08-08
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized a
nvd
CVE-2017-3639 | MEDIUM | CVSS 4.9 | ≤ 5.7.18 | 2017-08-08
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability
nvd
CVE-2017-3652 | MEDIUM | CVSS 4.2 | ≥ 5.5.0, ≤ 5.5.56; ≥ 5.6.0, ≤ 5.6.36; +1 more | 2017-08-08
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vuln
nvd
CVE-2017-3643 | MEDIUM | CVSS 4.9 | ≤ 5.7.18 | 2017-08-08
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability
nvd
CVE-2017-3647 | MEDIUM | CVSS 4.4 | ≥ 5.6.0, ≤ 5.6.36; ≥ 5.7.0, ≤ 5.7.18 | 2017-08-08
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability c
nvd
CVE-2017-3640 | MEDIUM | CVSS 4.9 | ≤ 5.7.18 | 2017-08-08
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability
nvd
CVE-2017-3649 | MEDIUM | CVSS 4.4 | ≥ 5.6.0, ≤ 5.6.36; ≥ 5.7.0, ≤ 5.7.18 | 2017-08-08
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability c
nvd
CVE-2017-3653 | LOW | CVSS 3.1 | ≥ 5.5.0, ≤ 5.5.56; ≥ 5.6.0, ≤ 5.6.36; +1 more | 2017-08-08
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnera
nvd
CVE-2017-3650 | LOW | CVSS 3.7 | ≤ 5.7.18 | 2017-08-08
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to
nvd
CVE-2016-9841 | CRITICAL | CVSS 9.8 | ≥ 5.5.0, ≤ 5.5.61; ≥ 5.6.0, ≤ 5.6.41; +2 more | 2017-05-23
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
nvd
CVE-2016-9843 | CRITICAL | CVSS 9.8 | ≥ 5.5.0, ≤ 5.5.61; ≥ 5.6.0, ≤ 5.6.41; +2 more | 2017-05-23
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
nvd
CVE-2016-9842 | HIGH | CVSS 8.8 | CWE-1335 | ≥ 5.5.0, ≤ 5.5.61; ≥ 5.6.0, ≤ 5.6.41; +2 more | 2017-05-23
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
nvd
CVE-2016-9840 | HIGH | CVSS 8.8 | ≥ 5.5.0, ≤ 5.5.61; ≥ 5.6.0, ≤ 5.6.41; +2 more | 2017-05-23
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
nvd
CVE-2017-3450 | HIGH | CVSS 7.5 | ≥ 5.6.0, ≤ 5.6.35; ≥ 5.7.0, ≤ 5.7.17 | 2017-04-24
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can r
nvd
CVE-2017-3309 | HIGH | CVSS 7.7 | ≥ 5.5.0, ≤ 5.5.54; ≥ 5.6.0, ≤ 5.6.35; +1 more | 2017-04-24
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is
nvd
CVE-2017-3599 | HIGH | CVSS 7.5 | PoC | CWE-190 | ≥ 5.6.0, ≤ 5.6.35; ≥ 5.7.0, ≤ 5.7.17 | 2017-04-24
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnera
nvd
CVE-2017-3308 | HIGH | CVSS 7.7 | ≥ 5.5.0, ≤ 5.5.54; ≥ 5.6.0, ≤ 5.6.35; +1 more | 2017-04-24
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MyS
nvd
CVE-2017-3329 | HIGH | CVSS 7.5 | ≥ 5.5.0, ≤ 5.5.54; ≥ 5.6.0, ≤ 5.6.35; +1 more | 2017-04-24
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of
nvd