MySQL

Source repositories

https://github.com/mysql/mysql-server

CVEs (576)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-6662	MariaDB MariaDB	Cri	0.72	9.8	0.68	Sep 20, 2016	Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary…
CVE-2016-0705	OpenSSL Project OpenSSL	Cri	0.66	9.8	0.26	Mar 3, 2016	Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA…
CVE-2016-0639	Oracle Corporation MySQL	Cri	0.65	9.8	0.10	Apr 21, 2016	Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication.
CVE-2016-9843	Zlib Zlib	Cri	0.64	9.8	0.06	May 23, 2017	The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
CVE-2016-9841	Zlib Zlib	Cri	0.64	9.8	0.07	May 23, 2017	inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2017-3599	Oracle Corporation MySQL	Hig	0.59	7.5	0.90	Apr 24, 2017	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via…
CVE-2016-9842	Zlib Zlib	Hig	0.58	8.8	0.05	May 23, 2017	The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
CVE-2016-9840	Zlib Zlib	Hig	0.58	8.8	0.05	May 23, 2017	inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2016-3477	MariaDB MariaDB	Hig	0.53	8.1	0.00	Jul 21, 2016	Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to…
CVE-2016-2105	OpenSSL Project OpenSSL	Hig	0.52	7.5	0.40	May 5, 2016	Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
CVE-2002-0969	MySQL MySQL	Hig	0.51	7.8	0.01	Oct 11, 2002	Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the…
CVE-2017-3309	MariaDB MariaDB	Hig	0.50	7.7	0.03	Apr 24, 2017	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network…
CVE-2017-3308	MariaDB MariaDB	Hig	0.50	7.7	0.03	Apr 24, 2017	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access…
CVE-2016-3440	Oracle Corporation MySQL	Hig	0.50	7.7	0.03	Jul 21, 2016	Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2017-10155	Oracle Corporation MySQL	Hig	0.49	7.5	0.04	Oct 19, 2017	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via…
CVE-2017-3450	Oracle Corporation MySQL	Hig	0.49	7.5	0.04	Apr 24, 2017	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple…
CVE-2017-3329	Oracle Corporation MySQL	Hig	0.49	7.5	0.04	Apr 24, 2017	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with…
CVE-2017-3302	MariaDB MariaDB	Hig	0.49	7.5	0.05	Feb 12, 2017	Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.
CVE-2016-6664	MariaDB MariaDB	Hig	0.49	7.0	0.03	Dec 13, 2016	mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before…
CVE-2016-6663	MariaDB MariaDB	Hig	0.49	7.0	0.04	Dec 13, 2016	Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and…

CVE-2016-6662CriSep 20, 2016
MariaDB
MariaDB
risk 0.72cvss 9.8epss 0.68
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary…
CVE-2016-0705CriMar 3, 2016
OpenSSL Project
OpenSSL
risk 0.66cvss 9.8epss 0.26
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA…
CVE-2016-0639CriApr 21, 2016
Oracle Corporation
MySQL
risk 0.65cvss 9.8epss 0.10
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication.
CVE-2016-9843CriMay 23, 2017
Zlib
Zlib
risk 0.64cvss 9.8epss 0.06
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
CVE-2016-9841CriMay 23, 2017
Zlib
Zlib
risk 0.64cvss 9.8epss 0.07
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2017-3599HigApr 24, 2017
Oracle Corporation
MySQL
risk 0.59cvss 7.5epss 0.90
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via…
CVE-2016-9842HigMay 23, 2017
Zlib
Zlib
risk 0.58cvss 8.8epss 0.05
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
CVE-2016-9840HigMay 23, 2017
Zlib
Zlib
risk 0.58cvss 8.8epss 0.05
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2016-3477HigJul 21, 2016
MariaDB
MariaDB
risk 0.53cvss 8.1epss 0.00
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to…
CVE-2016-2105HigMay 5, 2016
OpenSSL Project
OpenSSL
risk 0.52cvss 7.5epss 0.40
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
CVE-2002-0969HigOct 11, 2002
MySQL
MySQL
risk 0.51cvss 7.8epss 0.01
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the…
CVE-2017-3309HigApr 24, 2017
MariaDB
MariaDB
risk 0.50cvss 7.7epss 0.03
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network…
CVE-2017-3308HigApr 24, 2017
MariaDB
MariaDB
risk 0.50cvss 7.7epss 0.03
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access…
CVE-2016-3440HigJul 21, 2016
Oracle Corporation
MySQL
risk 0.50cvss 7.7epss 0.03
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2017-10155HigOct 19, 2017
Oracle Corporation
MySQL
risk 0.49cvss 7.5epss 0.04
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via…
CVE-2017-3450HigApr 24, 2017
Oracle Corporation
MySQL
risk 0.49cvss 7.5epss 0.04
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple…
CVE-2017-3329HigApr 24, 2017
Oracle Corporation
MySQL
risk 0.49cvss 7.5epss 0.04
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with…
CVE-2017-3302HigFeb 12, 2017
MariaDB
MariaDB
risk 0.49cvss 7.5epss 0.05
Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.
CVE-2016-6664HigDec 13, 2016
MariaDB
MariaDB
risk 0.49cvss 7.0epss 0.03
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before…
CVE-2016-6663HigDec 13, 2016
MariaDB
MariaDB
risk 0.49cvss 7.0epss 0.04
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and…

Page 1 of 29