Oracle MySQL vulnerabilities
1,328 known vulnerabilities affecting oracle/mysql.
Total CVEs: 1,328
CISA KEV: 0
Public exploits: 50
Exploited in wild: 0
Severity breakdown: CRITICAL 12, HIGH 71, MEDIUM 1064, LOW 181
Vulnerabilities
Page 46 of 67
CVE-2016-3486 | MEDIUM | CVSS 6.5 | ≥ 5.6.0, ≤ 5.6.30; ≥ 5.7.0, ≤ 5.7.12 | 2016-07-21
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.
nvd
CVE-2016-3518 | MEDIUM | CVSS 6.5 | ≤ 5.7.12 | 2016-07-21
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
nvd
CVE-2016-3501 | MEDIUM | CVSS 6.5 | ≥ 5.6.0, ≤ 5.6.30; ≥ 5.7.0, ≤ 5.7.12 | 2016-07-21
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
nvd
CVE-2016-3588 | MEDIUM | CVSS 5.9 | ≤ 5.7.12 | 2016-07-21
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.
nvd
CVE-2016-5437 | MEDIUM | CVSS 4.9 | ≤ 5.7.12 | 2016-07-21
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.
nvd
CVE-2016-3424 | MEDIUM | CVSS 4.9 | ≤ 5.7.12 | 2016-07-21
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.
nvd
CVE-2016-3452 | LOW | CVSS 3.7 | ≥ 5.5.0, ≤ 5.5.48; ≥ 5.6.0, ≤ 5.6.29; +1 more | 2016-07-21
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.
nvd
CVE-2016-5444 | LOW | CVSS 3.7 | ≥ 5.5.0, ≤ 5.5.48; ≥ 5.6.0, ≤ 5.6.29; +1 more | 2016-07-21
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.
nvd
CVE-2015-3152 | MEDIUM | CVSS 5.9 | CWE-295 | ≤ 5.7.2 | 2016-05-16
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
nvd
CVE-2016-2105 | HIGH | CVSS 7.5 | CWE-190 | ≥ 5.6.0, ≤ 5.6.30; ≥ 5.7.0, ≤ 5.7.12 | 2016-05-05
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
nvd
CVE-2016-0639 | CRITICAL | CVSS 9.8 | ≥ 5.6.0, ≤ 5.6.29; ≥ 5.7.0, ≤ 5.7.11 | 2016-04-21
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication.
nvd
CVE-2016-0657 | MEDIUM | CVSS 5.5 | ≤ 5.7.11 | 2016-04-21
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect confidentiality via vectors related to JSON.
nvd
CVE-2016-0650 | MEDIUM | CVSS 5.5 | ≥ 5.5.0, ≤ 5.5.47; ≥ 5.6.0, ≤ 5.6.28; +1 more | 2016-04-21
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.
nvd
CVE-2016-0649 | MEDIUM | CVSS 5.5 | ≥ 5.5.0, ≤ 5.5.47; ≥ 5.6.0, ≤ 5.6.28; +1 more | 2016-04-21
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.
nvd
CVE-2016-0666 | MEDIUM | CVSS 5.5 | ≥ 5.5.0, ≤ 5.5.48; ≥ 5.6.0, ≤ 5.6.29; +1 more | 2016-04-21
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.
nvd
CVE-2016-0647 | MEDIUM | CVSS 5.5 | ≥ 5.5.0, ≤ 5.5.48; ≥ 5.6.0, ≤ 5.6.29; +1 more | 2016-04-21
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.
nvd
CVE-2016-0655 | MEDIUM | CVSS 4.7 | ≥ 5.6.0, ≤ 5.6.29; ≥ 5.7.0, ≤ 5.7.11 | 2016-04-21
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB.
nvd
CVE-2016-0644 | MEDIUM | CVSS 5.5 | ≥ 5.5.0, ≤ 5.5.47; ≥ 5.6.0, ≤ 5.6.28; +1 more | 2016-04-21
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.
nvd
CVE-2016-0648 | MEDIUM | CVSS 5.5 | ≥ 5.5.0, ≤ 5.5.48; ≥ 5.6.0, ≤ 5.6.29; +1 more | 2016-04-21
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.
nvd
CVE-2016-0663 | MEDIUM | CVSS 4.7 | ≤ 5.7.10 | 2016-04-21
Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Performance Schema.
nvd