{"openvas": [{"lastseen": "2020-03-05T18:51:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0599", "CVE-2016-0601"], "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "modified": "2020-03-04T00:00:00", "published": "2017-11-22T00:00:00", "id": "OPENVAS:1361412562310812171", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812171", "type": "openvas", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-02 Feb16 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_mult_unspecified_vuln02_feb16_lin.nasl 2016-01-28 13:07:06 +0530 feb$\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-02 Feb16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812171\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-0601\", \"CVE-2016-0599\");\n script_bugtraq_id(81211, 81203);\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-11-22 13:22:48 +0530 (Wed, 22 Nov 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-02 Feb16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors exist in the MySQL Server\n component via unknown vectors related to Server.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n authenticated remote attacker to affect confidentiality, integrity, and\n availability via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.7.9 on Linux\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\");\n 
script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)) exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:sqlPort, exit_no_version:TRUE)) exit(0);\nmysqlVer = infos['version'];\nmysqlPath = infos['location'];\n\nif(mysqlVer =~ \"^(5\\.7)\")\n{\n if(version_is_equal(version:mysqlVer, test_version:\"5.7.9\"))\n {\n report = report_fixed_ver( installed_version:mysqlVer, fixed_version: \"Apply the patch\", install_path:mysqlPath );\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-03-05T18:53:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0599", "CVE-2016-0601"], "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "modified": "2020-03-04T00:00:00", "published": "2016-02-08T00:00:00", "id": "OPENVAS:1361412562310806857", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806857", "type": "openvas", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-02 Feb16 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_mult_unspecified_vuln02_feb16_win.nasl 2016-01-28 13:07:06 +0530 feb$\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-02 Feb16 (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806857\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-0601\", \"CVE-2016-0599\");\n script_bugtraq_id(81211, 81203);\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-02-08 16:01:20 +0530 (Mon, 08 Feb 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-02 Feb16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors exist in the MySQL Server\n component via unknown vectors related to Server.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n authenticated remote attacker to affect 
confidentiality, integrity, and\n availability via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.7.9 on windows\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(0);\n}\n\nif(mysqlVer =~ \"^(5\\.7)\")\n{\n if(version_is_equal(version:mysqlVer, test_version:\"5.7.9\"))\n {\n report = report_fixed_ver( installed_version:mysqlVer, fixed_version: \"Apply the patch\" );\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4895", "CVE-2016-0608", "CVE-2016-0600", "CVE-2015-4830", "CVE-2016-0611", "CVE-2015-4816", "CVE-2016-0599", "CVE-2015-4913", "CVE-2016-0594", "CVE-2016-0546", "CVE-2016-0605", "CVE-2015-4858", "CVE-2015-4802", "CVE-2016-0606", "CVE-2015-4815", "CVE-2016-0616", "CVE-2016-0610", "CVE-2016-0609", "CVE-2015-4879", "CVE-2016-0596", "CVE-2016-0504", "CVE-2015-4792", "CVE-2016-0595", "CVE-2015-4819", "CVE-2016-0503", "CVE-2015-4807", "CVE-2016-0598", "CVE-2016-0502", "CVE-2016-0601", "CVE-2015-4836", 
"CVE-2015-4861", "CVE-2016-0607", "CVE-2015-4870", "CVE-2016-0597", "CVE-2015-4826", "CVE-2015-7744", "CVE-2016-0505"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-03-06T00:00:00", "id": "OPENVAS:1361412562310807463", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807463", "type": "openvas", "title": "Fedora Update for mariadb FEDORA-2016-868", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mariadb FEDORA-2016-868\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807463\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-06 05:07:04 +0100 (Sun, 06 Mar 2016)\");\n script_cve_id(\"CVE-2015-4792\", \"CVE-2015-4802\", \"CVE-2015-4807\", \"CVE-2015-4815\",\n \"CVE-2015-4816\", \"CVE-2015-4819\", \"CVE-2015-4826\", \"CVE-2015-4830\",\n \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4870\",\n \"CVE-2015-4879\", \"CVE-2015-4895\", \"CVE-2015-4913\", \"CVE-2015-7744\",\n \"CVE-2016-0502\", \"CVE-2016-0503\", \"CVE-2016-0504\", \"CVE-2016-0505\",\n \"CVE-2016-0546\", \"CVE-2016-0594\", \"CVE-2016-0595\", \"CVE-2016-0596\",\n \"CVE-2016-0597\", \"CVE-2016-0598\", \"CVE-2016-0599\", \"CVE-2016-0600\",\n \"CVE-2016-0601\", \"CVE-2016-0605\", \"CVE-2016-0606\", \"CVE-2016-0607\",\n \"CVE-2016-0608\", \"CVE-2016-0609\", \"CVE-2016-0610\", \"CVE-2016-0611\",\n \"CVE-2016-0616\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mariadb FEDORA-2016-868\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mariadb'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mariadb on Fedora 22\");\n script_tag(name:\"solution\", 
value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-868\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178514.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.23~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:58:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2016-0608", "CVE-2016-0600", "CVE-2015-4830", "CVE-2016-0611", "CVE-2016-0599", "CVE-2015-4913", "CVE-2016-0594", "CVE-2015-4864", "CVE-2016-0546", "CVE-2015-4910", "CVE-2016-0605", "CVE-2015-4858", "CVE-2015-4802", "CVE-2016-0606", "CVE-2015-4815", "CVE-2016-0616", "CVE-2015-4800", "CVE-2016-0610", "CVE-2016-0609", "CVE-2015-4791", "CVE-2015-4879", "CVE-2016-0596", "CVE-2016-0504", "CVE-2015-4792", "CVE-2015-4904", "CVE-2015-4833", "CVE-2016-0595", "CVE-2015-4819", "CVE-2016-0503", "CVE-2015-4807", "CVE-2016-0598", "CVE-2016-0502", "CVE-2016-0601", "CVE-2015-4766", "CVE-2015-4836", "CVE-2015-4861", "CVE-2016-0607", "CVE-2015-4870", "CVE-2016-0597", "CVE-2015-4826", "CVE-2015-4862", "CVE-2015-7744", "CVE-2015-4890", "CVE-2016-0505"], "description": "The remote host is missing an update announced via the referenced 
Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310120674", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120674", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-684)", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120674\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:11:50 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-684)\");\n script_tag(name:\"solution\", value:\"Run yum update mysql56 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-684.html\");\n script_cve_id(\"CVE-2015-4864\", \"CVE-2015-4866\", \"CVE-2015-4861\", \"CVE-2015-4862\", \"CVE-2016-0616\", \"CVE-2015-4910\", \"CVE-2015-4913\", 
\"CVE-2016-0610\", \"CVE-2016-0594\", \"CVE-2016-0595\", \"CVE-2016-0596\", \"CVE-2016-0597\", \"CVE-2016-0598\", \"CVE-2015-4792\", \"CVE-2015-4791\", \"CVE-2015-4807\", \"CVE-2015-4870\", \"CVE-2016-0599\", \"CVE-2016-0546\", \"CVE-2015-4858\", \"CVE-2015-4815\", \"CVE-2015-4833\", \"CVE-2015-4830\", \"CVE-2015-4836\", \"CVE-2016-0608\", \"CVE-2016-0609\", \"CVE-2016-0505\", \"CVE-2016-0504\", \"CVE-2015-4890\", \"CVE-2016-0601\", \"CVE-2015-4904\", \"CVE-2015-4905\", \"CVE-2016-0605\", \"CVE-2016-0606\", \"CVE-2015-7744\", \"CVE-2015-4766\", \"CVE-2016-0611\", \"CVE-2016-0607\", \"CVE-2015-4819\", \"CVE-2015-4879\", \"CVE-2016-0502\", \"CVE-2015-4895\", \"CVE-2016-0503\", \"CVE-2016-0600\", \"CVE-2015-4802\", \"CVE-2015-4800\", \"CVE-2015-4826\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-debuginfo\", rpm:\"mysql56-debuginfo~5.6.29~1.14.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-common\", rpm:\"mysql56-common~5.6.29~1.14.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-test\", rpm:\"mysql56-test~5.6.29~1.14.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"mysql56-errmsg\", rpm:\"mysql56-errmsg~5.6.29~1.14.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-server\", rpm:\"mysql56-server~5.6.29~1.14.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-devel\", rpm:\"mysql56-devel~5.6.29~1.14.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56\", rpm:\"mysql56~5.6.29~1.14.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-libs\", rpm:\"mysql56-libs~5.6.29~1.14.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-bench\", rpm:\"mysql56-bench~5.6.29~1.14.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-embedded-devel\", rpm:\"mysql56-embedded-devel~5.6.29~1.14.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql56-embedded\", rpm:\"mysql56-embedded~5.6.29~1.14.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2016-0608", "CVE-2016-0600", "CVE-2015-4830", "CVE-2016-0611", "CVE-2016-0599", "CVE-2015-4913", "CVE-2016-0594", "CVE-2015-4864", "CVE-2016-0546", "CVE-2015-4910", "CVE-2016-0605", "CVE-2015-4858", "CVE-2015-4802", "CVE-2016-0606", "CVE-2015-4815", "CVE-2016-0616", "CVE-2015-4800", "CVE-2016-0610", "CVE-2016-0609", "CVE-2015-4791", "CVE-2015-4879", "CVE-2016-0596", "CVE-2016-0504", "CVE-2015-4792", "CVE-2015-4904", "CVE-2015-4833", "CVE-2016-0595", "CVE-2015-4819", "CVE-2016-0503", "CVE-2015-4807", "CVE-2016-0598", "CVE-2016-0502", "CVE-2016-0601", "CVE-2015-4766", "CVE-2015-4836", 
"CVE-2015-4861", "CVE-2016-0607", "CVE-2015-4870", "CVE-2016-0597", "CVE-2015-4826", "CVE-2015-4862", "CVE-2015-7744", "CVE-2015-4890", "CVE-2016-0505"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-03-10T00:00:00", "id": "OPENVAS:1361412562310807488", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807488", "type": "openvas", "title": "Fedora Update for community-mysql FEDORA-2016-5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for community-mysql FEDORA-2016-5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807488\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-10 06:12:02 +0100 (Thu, 10 Mar 2016)\");\n script_cve_id(\"CVE-2015-4766\", \"CVE-2015-4791\", \"CVE-2015-4792\", \"CVE-2015-4800\",\n \"CVE-2015-4802\", \"CVE-2015-4807\", \"CVE-2015-4815\", \"CVE-2015-4819\",\n \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4833\", \"CVE-2015-4836\",\n \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4862\", \"CVE-2015-4864\",\n \"CVE-2015-4866\", \"CVE-2015-4870\", \"CVE-2015-4879\", \"CVE-2015-4890\",\n \"CVE-2015-4895\", \"CVE-2015-4904\", \"CVE-2015-4905\", \"CVE-2015-4910\",\n \"CVE-2015-4913\", \"CVE-2015-7744\", \"CVE-2016-0502\", \"CVE-2016-0503\",\n \"CVE-2016-0504\", \"CVE-2016-0505\", \"CVE-2016-0546\", \"CVE-2016-0594\",\n \"CVE-2016-0595\", \"CVE-2016-0596\", \"CVE-2016-0597\", \"CVE-2016-0598\",\n \"CVE-2016-0599\", \"CVE-2016-0600\", \"CVE-2016-0601\", \"CVE-2016-0605\",\n \"CVE-2016-0606\", \"CVE-2016-0607\", \"CVE-2016-0608\", \"CVE-2016-0609\",\n \"CVE-2016-0610\", \"CVE-2016-0611\", \"CVE-2016-0616\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for community-mysql FEDORA-2016-5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the referenced 
advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"community-mysql on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178585.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~5.6.29~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2016-0608", "CVE-2016-0600", "CVE-2015-4830", "CVE-2016-0611", "CVE-2016-0599", "CVE-2015-4913", "CVE-2016-0594", "CVE-2015-4864", "CVE-2016-0546", "CVE-2015-4910", "CVE-2016-0605", "CVE-2015-4858", "CVE-2015-4802", "CVE-2016-0606", "CVE-2015-4815", "CVE-2016-0616", "CVE-2015-4800", "CVE-2016-0610", "CVE-2016-0609", "CVE-2015-4791", "CVE-2015-4879", "CVE-2016-0596", "CVE-2016-0504", "CVE-2015-4792", "CVE-2015-4904", "CVE-2015-4833", "CVE-2016-0595", "CVE-2015-4819", "CVE-2016-0503", "CVE-2015-4807", "CVE-2016-0598", "CVE-2016-0502", "CVE-2016-0601", "CVE-2015-4766", 
"CVE-2015-4836", "CVE-2015-4861", "CVE-2016-0607", "CVE-2015-4870", "CVE-2016-0597", "CVE-2015-4826", "CVE-2015-4862", "CVE-2015-7744", "CVE-2015-4890", "CVE-2016-0505"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-03-10T00:00:00", "id": "OPENVAS:1361412562310807487", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807487", "type": "openvas", "title": "Fedora Update for community-mysql FEDORA-2016-65", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for community-mysql FEDORA-2016-65\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807487\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-10 06:13:03 +0100 (Thu, 10 Mar 2016)\");\n script_cve_id(\"CVE-2015-4766\", \"CVE-2015-4791\", \"CVE-2015-4792\", \"CVE-2015-4800\",\n \"CVE-2015-4802\", \"CVE-2015-4807\", \"CVE-2015-4815\", \"CVE-2015-4819\",\n \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4833\", \"CVE-2015-4836\",\n \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4862\", \"CVE-2015-4864\",\n \"CVE-2015-4866\", \"CVE-2015-4870\", \"CVE-2015-4879\", \"CVE-2015-4890\",\n \"CVE-2015-4895\", \"CVE-2015-4904\", \"CVE-2015-4905\", \"CVE-2015-4910\",\n \"CVE-2015-4913\", \"CVE-2015-7744\", \"CVE-2016-0502\", \"CVE-2016-0503\",\n \"CVE-2016-0504\", \"CVE-2016-0505\", \"CVE-2016-0546\", \"CVE-2016-0594\",\n \"CVE-2016-0595\", \"CVE-2016-0596\", \"CVE-2016-0597\", \"CVE-2016-0598\",\n \"CVE-2016-0599\", \"CVE-2016-0600\", \"CVE-2016-0601\", \"CVE-2016-0605\",\n \"CVE-2016-0606\", \"CVE-2016-0607\", \"CVE-2016-0608\", \"CVE-2016-0609\",\n \"CVE-2016-0610\", \"CVE-2016-0611\", \"CVE-2016-0616\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for community-mysql FEDORA-2016-65\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'community-mysql'\n package(s) announced via the referenced 
advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"community-mysql on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-65\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178643.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"community-mysql\", rpm:\"community-mysql~5.6.29~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2019-02-20T21:07:50", "bulletinFamily": "software", "cvelist": ["CVE-2016-0611", "CVE-2016-0599", "CVE-2016-0594", "CVE-2016-0605", "CVE-2016-0610", "CVE-2016-0504", "CVE-2016-0595", "CVE-2016-0503", "CVE-2016-0601", "CVE-2016-0607"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable 
component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.2.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.1.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a 
custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-09-28T18:02:00", "published": "2017-05-08T19:42:00", "id": "F5:K85298305", "href": "https://support.f5.com/csp/article/K85298305", "title": "Multiple MySQL vulnerabilities", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-02-01T04:13:25", "description": "The version of MySQL running on the remote host is 5.7.x prior to\n5.7.10. It is, therefore, potentially affected by the following\nvulnerabilities :\n\n - Multiple unspecified flaws exist in the Server : DML\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service. (CVE-2016-0503,\n CVE-2016-0504)\n\n - An unspecified flaw exists in the Server : Options\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service. (CVE-2016-0505)\n\n - An unspecified flaw exists in the Client subcomponent\n that allows a local attacker to gain elevated\n privileges. 
(CVE-2016-0546)\n\n - Multiple unspecified flaws exist in the Server :\n Optimizer subcomponent that allow an authenticated,\n remote attacker to cause a denial of service.\n (CVE-2016-0597, CVE-2016-0598, CVE-2016-0599,\n CVE-2016-0611)\n\n - An unspecified flaw exists in the Server : InnoDB\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service.\n (CVE-2016-0600)\n\n - An unspecified flaw exists in the Server : Partition\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service.\n (CVE-2016-0601)\n\n - An unspecified flaw exists in the Server : Security :\n Encryption subcomponent that allows an authenticated,\n remote attacker to impact integrity. (CVE-2016-0606,\n CVE-2016-0609)\n\n - An unspecified flaw exists in the Server : Replication\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service. (CVE-2016-0607)\n\n - An unspecified flaw exists in the Server : UDF\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service. (CVE-2016-0608)\n\n - A denial of service vulnerability exists due to\n repeatedly executing a prepared statement when the\n default database has been changed. An authenticated,\n remote attacker can exploit this to cause the server\n to exit.\n\n - A denial of service vulnerability exists due to a\n use-after-free error that is triggered when generated\n column expressions are reevaluated. An authenticated,\n remote attacker can exploit this to dereference already\n freed memory, thus causing the server to exit.\n\n - A denial of service vulnerability exists due to a flaw\n that is triggered when selecting DECIMAL values into\n user-defined variables. An authenticated, remote\n attacker can exploit this to cause the server to exit.\n\n - A denial of service vulnerability exists due to a\n use-after-free error in spatial functions. 
An\n authenticated, remote attacker can exploit this to\n dereference already freed memory, thus causing the server\n to exit.\n\n - A flaw exists in the Server : InnoDB subcomponent due to\n a failure to check for destination files with the same\n name when using the ALTER TABLE operation to convert a\n table to an InnoDB file-per-table tablespace. An\n authenticated, remote attacker can exploit this to cause\n a denial of service.\n\n - A NULL pointer dereference flaw exists in the Server :\n InnoDB subcomponent due to a failure to properly check\n the return value of an unspecified function call used in\n a DROP TABLE operation. An authenticated, remote\n attacker can exploit this to cause a denial of service.\n\n - A flaw exists in the Server : InnoDB subcomponent in the\n row_quiesce_table_start() function that is triggered\n when running a 'FLUSH TABLE ... FOR EXPORT' operation on\n a partitioned table with partitions residing in a system\n or general tablespace. An authenticated, remote attacker\n can exploit this to cause a denial of service condition.\n\n - A flaw exists in the Server : InnoDB subcomponent that\n is triggered when handling 'ALTER TABLE ... DISCARD\n TABLESPACE' operations. An authenticated, remote\n attacker can exploit this to cause a denial of service\n condition.\n\n - A flaw exists in the Server : InnoDB subcomponent that\n is triggered when handling 'TRUNCATE TABLE' operations.\n An authenticated, remote attacker can exploit this to\n cause a denial of service condition.\n\n - A flaw exists in the Server : InnoDB subcomponent that\n is triggered when handling 'SELECT ... FOR UPDATE'\n operations on tables that only contain virtual columns\n and virtual column indexes. An authenticated, remote\n attacker can exploit this to cause a denial of service\n condition.\n\n - A flaw exists in the Server : InnoDB subcomponent that\n is triggered when handling in-place operations that\n rebuild tables with multiple indexed virtual columns. 
An\n authenticated, remote attacker can exploit this to cause\n a denial of service condition.\n\n - A denial of service vulnerability exists that is\n triggered when updating views using ALL comparison\n operators on subqueries that select from indexed columns\n in the main table. An authenticated, remote attacker can\n exploit this to cause the server to exit, resulting in a\n denial of service condition.\n\n - A flaw exists in the Server : InnoDB subcomponent that\n is triggered when handling ALTER TABLE operations. An\n authenticated, remote attacker can exploit this to cause\n a denial of service condition.\n\n - A remote code execution vulnerability exists due to\n improper validation of user-supplied input to the\n strcpy() and sprintf() functions. An authenticated,\n remote attacker can exploit this to cause a buffer\n overflow, resulting in a denial of service condition or\n the execution of arbitrary code.\n\n - A denial of service vulnerability exists due to a flaw\n that is triggered when selecting DECIMAL values into\n user-defined variables. An authenticated, remote\n attacker can exploit this to cause the server to exit.\n\n - A denial of service vulnerability exists that is\n triggered when handling concurrent FLUSH PRIVILEGES and\n REVOKE or GRANT statements. An authenticated, remote\n attacker can exploit this to cause the server to exit by\n triggering an invalid memory access to proxy user\n information.\n\n - A denial of service vulnerability exists that is\n triggered on the second execution of a prepared\n statement where an ORDER BY clause references a column\n position. 
An authenticated, remote attacker can exploit\n this to cause the server to exit.", "edition": 31, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-12-16T00:00:00", "title": "MySQL 5.7.x < 5.7.10 Multiple DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0608", "CVE-2016-0600", "CVE-2016-0611", "CVE-2016-0599", "CVE-2016-0546", "CVE-2016-0606", "CVE-2016-0609", "CVE-2016-0504", "CVE-2016-0503", "CVE-2016-0598", "CVE-2016-0601", "CVE-2016-0607", "CVE-2016-0597", "CVE-2016-0505"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_7_10.NASL", "href": "https://www.tenable.com/plugins/nessus/87421", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87421);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-0503\",\n \"CVE-2016-0504\",\n \"CVE-2016-0505\",\n \"CVE-2016-0546\",\n \"CVE-2016-0597\",\n \"CVE-2016-0598\",\n \"CVE-2016-0599\",\n \"CVE-2016-0600\",\n \"CVE-2016-0601\",\n \"CVE-2016-0606\",\n \"CVE-2016-0607\",\n \"CVE-2016-0608\",\n \"CVE-2016-0609\",\n \"CVE-2016-0611\"\n );\n\n script_name(english:\"MySQL 5.7.x < 5.7.10 Multiple DoS\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple denial of service\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.7.x prior to\n5.7.10. It is, therefore, potentially affected by the following\nvulnerabilities :\n\n - Multiple unspecified flaws exist in the Server : DML\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service. 
(CVE-2016-0503,\n CVE-2016-0504)\n\n - An unspecified flaw exists in the Server : Options\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service. (CVE-2016-0505)\n\n - An unspecified flaw exists in the Client subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-0546)\n\n - Multiple unspecified flaws exist in the Server :\n Optimizer subcomponent that allow an authenticated,\n remote attacker to cause a denial of service.\n (CVE-2016-0597, CVE-2016-0598, CVE-2016-0599,\n CVE-2016-0611)\n\n - An unspecified flaw exists in the Server : InnoDB\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service.\n (CVE-2016-0600)\n\n - An unspecified flaw exists in the Server : Partition\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service.\n (CVE-2016-0601)\n\n - An unspecified flaw exists in the Server : Security :\n Encryption subcomponent that allows an authenticated,\n remote attacker to impact integrity. (CVE-2016-0606,\n CVE-2016-0609)\n\n - An unspecified flaw exists in the Server : Replication\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service. (CVE-2016-0607)\n\n - An unspecified flaw exists in the Server : UDF\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service. (CVE-2016-0608)\n\n - A denial of service vulnerability exists due to\n repeatedly executing a prepared statement when the\n default database has been changed. An authenticated,\n remote attacker can exploit this to cause the server\n to exit.\n\n - A denial of service vulnerability exists due to a\n use-after-free error that is triggered when generated\n column expressions are reevaluated. 
An authenticated,\n remote attacker can exploit this to dereference already\n freed memory, thus causing the server to exit.\n\n - A denial of service vulnerability exists due to a flaw\n that is triggered when selecting DECIMAL values into\n user-defined variables. An authenticated, remote\n attacker can exploit this to cause the server to exit.\n\n - A denial of service vulnerability exists due to a\n use-after-free error in spatial functions. An\n authenticated, remote attacker can exploit this to\n dereference already freed memory, thus causing the server\n to exit.\n\n - A flaw exists in the Server : InnoDB subcomponent due to\n a failure to check for destination files with the same\n name when using the ALTER TABLE operation to convert a\n table to an InnoDB file-per-table tablespace. An\n authenticated, remote attacker can exploit this to cause\n a denial of service.\n\n - A NULL pointer dereference flaw exists in the Server :\n InnoDB subcomponent due to a failure to properly check\n the return value of an unspecified function call used in\n a DROP TABLE operation. An authenticated, remote\n attacker can exploit this to cause a denial of service.\n\n - A flaw exists in the Server : InnoDB subcomponent in the\n row_quiesce_table_start() function that is triggered\n when running a 'FLUSH TABLE ... FOR EXPORT' operation on\n a partitioned table with partitions residing in a system\n or general tablespace. An authenticated, remote attacker\n can exploit this to cause a denial of service condition.\n\n - A flaw exists in the Server : InnoDB subcomponent that\n is triggered when handling 'ALTER TABLE ... DISCARD\n TABLESPACE' operations. 
An authenticated, remote\n attacker can exploit this to cause a denial of service\n condition.\n\n - A flaw exists in the Server : InnoDB subcomponent that\n is triggered when handling 'TRUNCATE TABLE' operations.\n An authenticated, remote attacker can exploit this to\n cause a denial of service condition.\n\n - A flaw exists in the Server : InnoDB subcomponent that\n is triggered when handling 'SELECT ... FOR UPDATE'\n operations on tables that only contain virtual columns\n and virtual column indexes. An authenticated, remote\n attacker can exploit this to cause a denial of service\n condition.\n\n - A flaw exists in the Server : InnoDB subcomponent that\n is triggered when handling in-place operations that\n rebuild tables with multiple indexed virtual columns. An\n authenticated, remote attacker can exploit this to cause\n a denial of service condition.\n\n - A denial of service vulnerability exists that is\n triggered when updating views using ALL comparison\n operators on subqueries that select from indexed columns\n in the main table. An authenticated, remote attacker can\n exploit this to cause the server to exit, resulting in a\n denial of service condition.\n\n - A flaw exists in the Server : InnoDB subcomponent that\n is triggered when handling ALTER TABLE operations. An\n authenticated, remote attacker can exploit this to cause\n a denial of service condition.\n\n - A remote code execution vulnerability exists due to\n improper validation of user-supplied input to the\n strcpy() and sprintf() functions. An authenticated,\n remote attacker can exploit this to cause a buffer\n overflow, resulting in a denial of service condition or\n the execution of arbitrary code.\n\n - A denial of service vulnerability exists due to a flaw\n that is triggered when selecting DECIMAL values into\n user-defined variables. 
An authenticated, remote\n attacker can exploit this to cause the server to exit.\n\n - A denial of service vulnerability exists that is\n triggered when handling concurrent FLUSH PRIVILEGES and\n REVOKE or GRANT statements. An authenticated, remote\n attacker can exploit this to cause the server to exit by\n triggering an invalid memory access to proxy user\n information.\n\n - A denial of service vulnerability exists that is\n triggered on the second execution of a prepared\n statement where an ORDER BY clause references a column\n position. An authenticated, remote attacker can exploit\n this to cause the server to exit.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-10.html\");\n # http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?75a4a4fb\");\n # https://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6405bf15\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.10 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0546\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2015/12/16\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.7.10', min:'5.7', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T19:09:51", "description": "The version of Oracle MySQL installed on the remote host is 5.7.x\nprior to 5.7.10. It is, therefore, affected by the following\nvulnerabilities :\n\n - An unspecified flaw exists in the Client subcomponent.\n A local attacker can exploit this to execute arbitrary\n code. (CVE-2016-0546)\n\n - An unspecified flaw exists in the Security:Encryption\n subcomponent. An authenticated, remote attacker can\n exploit this to impact integrity. 
(CVE-2016-0606)\n\nAdditionally, unspecified denial of service vulnerabilities exist in\nthe following MySQL subcomponents :\n\n - DML (CVE-2016-0503, CVE-2016-0504, CVE-2016-0598)\n\n - InnoDB (CVE-2016-0600)\n\n - Optimizer (CVE-2016-0597, CVE-2016-0599, CVE-2016-0611)\n\n - Options (CVE-2016-0505)\n\n - Partition (CVE-2016-0601)\n\n - Replication (CVE-2016-0607)\n\n - Security:Privileges (CVE-2016-0609)\n\n - UDF (CVE-2016-0608)", "edition": 21, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-01-26T00:00:00", "title": "Oracle MySQL 5.7.x < 5.7.10 Multiple Vulnerabilities (January 2016 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0608", "CVE-2016-0600", "CVE-2016-0611", "CVE-2016-0599", "CVE-2016-0546", "CVE-2016-0606", "CVE-2016-0609", "CVE-2016-0504", "CVE-2016-0503", "CVE-2016-0598", "CVE-2016-0601", "CVE-2016-0607", "CVE-2016-0597", "CVE-2016-0505"], "modified": "2016-01-26T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mysql", "cpe:/a:oracle:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql", "p-cpe:/a:amazon:linux:mysql"], "id": "MYSQL_5_7_10_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/88384", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88384);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2016-0503\",\n \"CVE-2016-0504\",\n \"CVE-2016-0505\",\n \"CVE-2016-0546\",\n \"CVE-2016-0597\",\n \"CVE-2016-0598\",\n \"CVE-2016-0599\",\n \"CVE-2016-0600\",\n \"CVE-2016-0601\",\n \"CVE-2016-0606\",\n \"CVE-2016-0607\",\n \"CVE-2016-0608\",\n \"CVE-2016-0609\",\n \"CVE-2016-0611\"\n );\n\n script_name(english:\"Oracle MySQL 5.7.x < 
5.7.10 Multiple Vulnerabilities (January 2016 CPU)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle MySQL installed on the remote host is 5.7.x\nprior to 5.7.10. It is, therefore, affected by the following\nvulnerabilities :\n\n - An unspecified flaw exists in the Client subcomponent.\n A local attacker can exploit this to execute arbitrary\n code. (CVE-2016-0546)\n\n - An unspecified flaw exists in the Security:Encryption\n subcomponent. An authenticated, remote attacker can\n exploit this to impact integrity. (CVE-2016-0606)\n\nAdditionally, unspecified denial of service vulnerabilities exist in\nthe following MySQL subcomponents :\n\n - DML (CVE-2016-0503, CVE-2016-0504, CVE-2016-0598)\n\n - InnoDB (CVE-2016-0600)\n\n - Optimizer (CVE-2016-0597, CVE-2016-0599, CVE-2016-0611)\n\n - Options (CVE-2016-0505)\n\n - Partition (CVE-2016-0601)\n\n - Replication (CVE-2016-0607)\n\n - Security:Privileges (CVE-2016-0609)\n\n - UDF (CVE-2016-0608)\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2368796.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?10ceb1c6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-10.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2096144.1\");\n # https://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d13bbe45\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2016 Oracle\nCritical Patch Update advisory.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0546\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/26\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\npackage_list = make_list(\n \"mysql-community-client\",\n \"mysql-community-common\",\n \"mysql-community-devel\",\n \"mysql-community-embedded\",\n \"mysql-community-libs\",\n \"mysql-community-libs-compat\",\n \"mysql-community-server\",\n \"MySQL-client\",\n \"MySQL-client-advanced\",\n \"MySQL-devel\",\n \"MySQL-devel-advanced\",\n \"MySQL-shared\",\n \"MySQL-shared-advanced\",\n \"MySQL-shared-compat\",\n \"MySQL-shared-compat-advanced\",\n \"MySQL-server\",\n \"MySQL-server-advanced\"\n);\nrhel_list = make_list(\n \"EL5\",\n \"EL6\",\n \"EL7\",\n \"FC20\",\n \"FC21\",\n \"FC22\",\n \"FC23\",\n \"RHEL5\",\n \"RHEL6\",\n \"RHEL7\",\n \"SL5\",\n \"SL6\",\n \"SL7\"\n);\nala_list = make_list(\n \"ALA\"\n);\nsuse_list = make_list(\n \"SLED11\",\n \"SLED12\",\n \"SLES11\",\n \"SLES12\",\n \"SUSE13.1\",\n \"SUSE13.2\",\n \"SUSE42.1\"\n);\ncentos_list = make_list(\n \"CentOS-5\",\n \"CentOS-6\",\n \"CentOS-7\"\n);\n\nfix_version = \"5.7.10\";\nexists_version = \"5.7\";\n\nmysql_check_rpms(mysql_packages:package_list, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:rhel_list, centos_os_list:centos_list, suse_os_list:suse_list, ala_os_list:ala_list, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:14:27", "description": "This is an update to 10.0.23 that delivers also all fixes for\nCVE-2015-4792, CVE-2015-4802, CVE-2015-4807, CVE-2015-4815,\nCVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830,\nCVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,\nCVE-2015-4879, CVE-2015-4895, CVE-2015-4913, CVE-2015-7744,\nCVE-2016-0502, CVE-2016-0503, CVE-2016-0504, 
CVE-2016-0505,\nCVE-2016-0546, CVE-2016-0594, CVE-2016-0595, CVE-2016-0596,\nCVE-2016-0597, CVE-2016-0598, CVE-2016-0599, CVE-2016-0600,\nCVE-2016-0601, CVE-2016-0605, CVE-2016-0606, CVE-2016-0607,\nCVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0611,\nCVE-2016-0616 (some of them were fixed in previous update already).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2016-03-07T00:00:00", "title": "Fedora 22 : mariadb-10.0.23-1.fc22 (2016-868c170507)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4895", "CVE-2016-0608", "CVE-2016-0600", "CVE-2015-4830", "CVE-2016-0611", "CVE-2015-4816", "CVE-2016-0599", "CVE-2015-4913", "CVE-2016-0594", "CVE-2016-0546", "CVE-2016-0605", "CVE-2015-4858", "CVE-2015-4802", "CVE-2016-0606", "CVE-2015-4815", "CVE-2016-0616", "CVE-2016-0610", "CVE-2016-0609", "CVE-2015-4879", "CVE-2016-0596", "CVE-2016-0504", "CVE-2015-4792", "CVE-2016-0595", "CVE-2015-4819", "CVE-2016-0503", "CVE-2015-4807", "CVE-2016-0598", "CVE-2016-0502", "CVE-2016-0601", "CVE-2015-4836", "CVE-2015-4861", "CVE-2016-0607", "CVE-2015-4870", "CVE-2016-0597", "CVE-2015-4826", "CVE-2015-7744", "CVE-2016-0505"], "modified": "2016-03-07T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mariadb", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-868C170507.NASL", "href": "https://www.tenable.com/plugins/nessus/89701", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-868c170507.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89701);\n script_version(\"2.3\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2016-868c170507\");\n\n script_name(english:\"Fedora 22 : mariadb-10.0.23-1.fc22 (2016-868c170507)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is an update to 10.0.23 that delivers also all fixes for\nCVE-2015-4792, CVE-2015-4802, CVE-2015-4807, CVE-2015-4815,\nCVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830,\nCVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,\nCVE-2015-4879, CVE-2015-4895, CVE-2015-4913, CVE-2015-7744,\nCVE-2016-0502, CVE-2016-0503, CVE-2016-0504, CVE-2016-0505,\nCVE-2016-0546, CVE-2016-0594, CVE-2016-0595, CVE-2016-0596,\nCVE-2016-0597, CVE-2016-0598, CVE-2016-0599, CVE-2016-0600,\nCVE-2016-0601, CVE-2016-0605, CVE-2016-0606, CVE-2016-0607,\nCVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0611,\nCVE-2016-0616 (some of them were fixed in previous update already).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178514.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?77f2fb85\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"mariadb-10.0.23-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:14:55", "description": "This is an update to 10.0.23 that delivers also all fixes for\nCVE-2015-4792, CVE-2015-4802, CVE-2015-4807, CVE-2015-4815,\nCVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830,\nCVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,\nCVE-2015-4879, CVE-2015-4895, CVE-2015-4913, CVE-2015-7744,\nCVE-2016-0502, CVE-2016-0503, CVE-2016-0504, CVE-2016-0505,\nCVE-2016-0546, CVE-2016-0594, CVE-2016-0595, CVE-2016-0596,\nCVE-2016-0597, CVE-2016-0598, CVE-2016-0599, CVE-2016-0600,\nCVE-2016-0601, CVE-2016-0605, CVE-2016-0606, CVE-2016-0607,\nCVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0611,\nCVE-2016-0616 (some of them were fixed in previous update already).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "published": "2016-03-04T00:00:00", "title": "Fedora 23 : mariadb-10.0.23-1.fc23 (2016-e30164d0a2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4895", "CVE-2016-0608", "CVE-2016-0600", "CVE-2015-4830", "CVE-2016-0611", "CVE-2015-4816", "CVE-2016-0599", "CVE-2015-4913", "CVE-2016-0594", "CVE-2016-0546", "CVE-2016-0605", "CVE-2015-4858", "CVE-2015-4802", "CVE-2016-0606", "CVE-2015-4815", "CVE-2016-0616", "CVE-2016-0610", "CVE-2016-0609", "CVE-2015-4879", "CVE-2016-0596", "CVE-2016-0504", "CVE-2015-4792", "CVE-2016-0595", "CVE-2015-4819", "CVE-2016-0503", "CVE-2015-4807", "CVE-2016-0598", "CVE-2016-0502", "CVE-2016-0601", "CVE-2015-4836", "CVE-2015-4861", "CVE-2016-0607", "CVE-2015-4870", "CVE-2016-0597", "CVE-2015-4826", "CVE-2015-7744", "CVE-2016-0505"], "modified": "2016-03-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mariadb", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-E30164D0A2.NASL", "href": "https://www.tenable.com/plugins/nessus/89628", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-e30164d0a2.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89628);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-4792\", \"CVE-2015-4802\", \"CVE-2015-4807\", \"CVE-2015-4815\", \"CVE-2015-4816\", \"CVE-2015-4819\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4870\", \"CVE-2015-4879\", \"CVE-2015-4895\", \"CVE-2015-4913\");\n script_xref(name:\"FEDORA\", value:\"2016-e30164d0a2\");\n\n script_name(english:\"Fedora 23 : mariadb-10.0.23-1.fc23 
(2016-e30164d0a2)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is an update to 10.0.23 that delivers also all fixes for\nCVE-2015-4792, CVE-2015-4802, CVE-2015-4807, CVE-2015-4815,\nCVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830,\nCVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,\nCVE-2015-4879, CVE-2015-4895, CVE-2015-4913, CVE-2015-7744,\nCVE-2016-0502, CVE-2016-0503, CVE-2016-0504, CVE-2016-0505,\nCVE-2016-0546, CVE-2016-0594, CVE-2016-0595, CVE-2016-0596,\nCVE-2016-0597, CVE-2016-0598, CVE-2016-0599, CVE-2016-0600,\nCVE-2016-0601, CVE-2016-0605, CVE-2016-0606, CVE-2016-0607,\nCVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0611,\nCVE-2016-0616 (some of them were fixed in previous update already).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1276224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1301518\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8e428fd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mariadb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"mariadb-10.0.23-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mariadb\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:14:20", "description": "This is an update to 5.6.29 that delivers also all fixes for\nCVE-2015-4766, CVE-2015-4791, CVE-2015-4792, CVE-2015-4800,\nCVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4819,\nCVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836,\nCVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864,\nCVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890,\nCVE-2015-4895, 
CVE-2015-4904, CVE-2015-4905, CVE-2015-4910,\nCVE-2015-4913, CVE-2015-7744, CVE-2016-0502, CVE-2016-0503,\nCVE-2016-0504, CVE-2016-0505, CVE-2016-0546, CVE-2016-0594,\nCVE-2016-0595, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598,\nCVE-2016-0599, CVE-2016-0600, CVE-2016-0601, CVE-2016-0605,\nCVE-2016-0606, CVE-2016-0607, CVE-2016-0608, CVE-2016-0609,\nCVE-2016-0610, CVE-2016-0611, CVE-2016-0616 (some of them were fixed\nin previous update already).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2016-03-10T00:00:00", "title": "Fedora 23 : community-mysql-5.6.29-1.fc23 (2016-65a1f22818)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2016-0608", "CVE-2016-0600", "CVE-2015-4830", "CVE-2016-0611", "CVE-2016-0599", "CVE-2015-4913", "CVE-2016-0594", "CVE-2015-4864", "CVE-2016-0546", "CVE-2015-4910", "CVE-2016-0605", "CVE-2015-4858", "CVE-2015-4802", "CVE-2016-0606", "CVE-2015-4815", "CVE-2016-0616", "CVE-2015-4800", "CVE-2016-0610", "CVE-2016-0609", "CVE-2015-4791", "CVE-2015-4879", "CVE-2016-0596", "CVE-2016-0504", "CVE-2015-4792", "CVE-2015-4904", "CVE-2015-4833", "CVE-2016-0595", "CVE-2015-4819", "CVE-2016-0503", "CVE-2015-4807", "CVE-2016-0598", "CVE-2016-0502", "CVE-2016-0601", "CVE-2015-4766", "CVE-2015-4836", "CVE-2015-4861", "CVE-2016-0607", "CVE-2015-4870", "CVE-2016-0597", "CVE-2015-4826", "CVE-2015-4862", "CVE-2015-7744", "CVE-2015-4890", "CVE-2016-0505"], "modified": "2016-03-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:community-mysql", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-65A1F22818.NASL", "href": "https://www.tenable.com/plugins/nessus/89800", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-65a1f22818.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89800);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2016-65a1f22818\");\n\n script_name(english:\"Fedora 23 : community-mysql-5.6.29-1.fc23 (2016-65a1f22818)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is an update to 5.6.29 that delivers also all fixes for\nCVE-2015-4766, CVE-2015-4791, CVE-2015-4792, CVE-2015-4800,\nCVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4819,\nCVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836,\nCVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864,\nCVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890,\nCVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910,\nCVE-2015-4913, CVE-2015-7744, CVE-2016-0502, CVE-2016-0503,\nCVE-2016-0504, CVE-2016-0505, CVE-2016-0546, CVE-2016-0594,\nCVE-2016-0595, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598,\nCVE-2016-0599, CVE-2016-0600, CVE-2016-0601, CVE-2016-0605,\nCVE-2016-0606, CVE-2016-0607, CVE-2016-0608, CVE-2016-0609,\nCVE-2016-0610, CVE-2016-0611, CVE-2016-0616 (some of them were fixed\nin previous update already).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1267776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1276223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1301517\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178643.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9c0cc30c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"community-mysql-5.6.29-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:14:16", "description": "This is an update to 5.6.29 that delivers also all fixes for\nCVE-2015-4766, CVE-2015-4791, CVE-2015-4792, CVE-2015-4800,\nCVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4819,\nCVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836,\nCVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864,\nCVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890,\nCVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910,\nCVE-2015-4913, CVE-2015-7744, CVE-2016-0502, CVE-2016-0503,\nCVE-2016-0504, CVE-2016-0505, CVE-2016-0546, CVE-2016-0594,\nCVE-2016-0595, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598,\nCVE-2016-0599, CVE-2016-0600, CVE-2016-0601, CVE-2016-0605,\nCVE-2016-0606, CVE-2016-0607, CVE-2016-0608, CVE-2016-0609,\nCVE-2016-0610, CVE-2016-0611, CVE-2016-0616 (some of them were fixed\nin previous update already).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora 
security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2016-03-10T00:00:00", "title": "Fedora 22 : community-mysql-5.6.29-1.fc22 (2016-5cb344dd7e)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2016-0608", "CVE-2016-0600", "CVE-2015-4830", "CVE-2016-0611", "CVE-2016-0599", "CVE-2015-4913", "CVE-2016-0594", "CVE-2015-4864", "CVE-2016-0546", "CVE-2015-4910", "CVE-2016-0605", "CVE-2015-4858", "CVE-2015-4802", "CVE-2016-0606", "CVE-2015-4815", "CVE-2016-0616", "CVE-2015-4800", "CVE-2016-0610", "CVE-2016-0609", "CVE-2015-4791", "CVE-2015-4879", "CVE-2016-0596", "CVE-2016-0504", "CVE-2015-4792", "CVE-2015-4904", "CVE-2015-4833", "CVE-2016-0595", "CVE-2015-4819", "CVE-2016-0503", "CVE-2015-4807", "CVE-2016-0598", "CVE-2016-0502", "CVE-2016-0601", "CVE-2015-4766", "CVE-2015-4836", "CVE-2015-4861", "CVE-2016-0607", "CVE-2015-4870", "CVE-2016-0597", "CVE-2015-4826", "CVE-2015-4862", "CVE-2015-7744", "CVE-2015-4890", "CVE-2016-0505"], "modified": "2016-03-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:community-mysql", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-5CB344DD7E.NASL", "href": "https://www.tenable.com/plugins/nessus/89799", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-5cb344dd7e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89799);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2016-5cb344dd7e\");\n\n script_name(english:\"Fedora 22 : community-mysql-5.6.29-1.fc22 (2016-5cb344dd7e)\");\n script_summary(english:\"Checks rpm output for the updated 
package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is an update to 5.6.29 that delivers also all fixes for\nCVE-2015-4766, CVE-2015-4791, CVE-2015-4792, CVE-2015-4800,\nCVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4819,\nCVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836,\nCVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864,\nCVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890,\nCVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910,\nCVE-2015-4913, CVE-2015-7744, CVE-2016-0502, CVE-2016-0503,\nCVE-2016-0504, CVE-2016-0505, CVE-2016-0546, CVE-2016-0594,\nCVE-2016-0595, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598,\nCVE-2016-0599, CVE-2016-0600, CVE-2016-0601, CVE-2016-0605,\nCVE-2016-0606, CVE-2016-0607, CVE-2016-0608, CVE-2016-0609,\nCVE-2016-0610, CVE-2016-0611, CVE-2016-0616 (some of them were fixed\nin previous update already).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1267776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1276223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1301517\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178585.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?14896f15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected community-mysql package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:community-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"community-mysql-5.6.29-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"community-mysql\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T01:21:16", "description": "wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults\nassociated with the Chinese Remainder Theorem (CRT) process when\nallowing ephemeral key exchange without low memory optimizations on a\nserver, which makes it easier for remote attackers to obtain private\nRSA keys by capturing TLS handshakes, also known as a Lenstra attack.\n(CVE-2015-7744)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier\nallows remote authenticated users to affect integrity via unknown\nvectors related to Server : Security : Privileges. (CVE-2015-4864)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : InnoDB. 
(CVE-2015-4866)\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier,\nand 5.6.26 and earlier, allows remote authenticated users to affect\navailability via unknown vectors related to Server : InnoDB.\n(CVE-2015-4861)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to DML. (CVE-2015-4862)\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Optimizer. (CVE-2016-0616)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Memcached. (CVE-2015-4910)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to Server : DML, a different vulnerability than CVE-2015-4858\n. (CVE-2015-4913)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to InnoDB. (CVE-2016-0610)\n\nUnspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML. (CVE-2016-0594)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML. (CVE-2016-0595)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML. (CVE-2016-0596)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Optimizer. 
(CVE-2016-0597)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML. (CVE-2016-0598)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Partition, a different vulnerability than\nCVE-2015-4802 . (CVE-2015-4792)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Security : Privileges. (CVE-2015-4791)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier,\nwhen running on Windows, allows remote authenticated users to affect\navailability via unknown vectors related to Server : Query Cache.\n(CVE-2015-4807)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier,\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Parser. (CVE-2015-4870)\n\nUnspecified vulnerability in Oracle MySQL 5.7.9 allows remote\nauthenticated users to affect availability via unknown vectors related\nto Optimizer. (CVE-2016-0599)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nlocal users to affect confidentiality, integrity, and availability via\nunknown vectors related to Client. (CVE-2016-0546)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to DML, a different vulnerability than CVE-2015-4913 .\n(CVE-2015-4858)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to Server : DDL. 
(CVE-2015-4815)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Partition. (CVE-2015-4833)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect integrity via unknown\nvectors related to Server : Security : Privileges. (CVE-2015-4830)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : SP. (CVE-2015-4836)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto UDF. (CVE-2016-0608)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to privileges. (CVE-2016-0609)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Options. (CVE-2016-0505)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML, a different vulnerability than CVE-2016-0503 . (CVE-2016-0504)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Replication. (CVE-2015-4890)\n\nUnspecified vulnerability in Oracle MySQL 5.7.9 allows remote\nauthenticated users to affect availability via unknown vectors related\nto Partition. (CVE-2016-0601)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to libmysqld. 
(CVE-2015-4904)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to Server : DML. (CVE-2015-4905)\n\nUnspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows\nremote authenticated users to affect availability via unknown vectors.\n(CVE-2016-0605)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect integrity via unknown vectors\nrelated to encryption. (CVE-2016-0606)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows local users to affect availability via unknown vectors related\nto Server : Security : Firewall. (CVE-2015-4766)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Optimizer. (CVE-2016-0611)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to replication. (CVE-2016-0607)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows local users to affect confidentiality, integrity, and\navailability via unknown vectors related to Client programs.\n(CVE-2015-4819)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows remote authenticated users to affect confidentiality,\nintegrity, and availability via vectors related to DML.\n(CVE-2015-4879)\n\nUnspecified vulnerability in Oracle MySQL 5.6.11 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Optimizer. (CVE-2016-0502)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : InnoDB. 
(CVE-2015-4895)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML, a different vulnerability than CVE-2016-0504 . (CVE-2016-0503)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to InnoDB. (CVE-2016-0600)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Partition, a different vulnerability than\nCVE-2015-4792 . (CVE-2015-4802)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Optimizer. (CVE-2015-4800)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect confidentiality via\nunknown vectors related to Server : Types. 
(CVE-2015-4826)", "edition": 25, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-04-07T00:00:00", "title": "Amazon Linux AMI : mysql56 (ALAS-2016-684)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2016-0608", "CVE-2016-0600", "CVE-2015-4830", "CVE-2016-0611", "CVE-2016-0599", "CVE-2015-4913", "CVE-2016-0594", "CVE-2015-4864", "CVE-2016-0546", "CVE-2015-4910", "CVE-2016-0605", "CVE-2015-4858", "CVE-2015-4802", "CVE-2016-0606", "CVE-2015-4815", "CVE-2016-0616", "CVE-2015-4800", "CVE-2016-0610", "CVE-2016-0609", "CVE-2015-4791", "CVE-2015-4879", "CVE-2016-0596", "CVE-2016-0504", "CVE-2015-4792", "CVE-2015-4904", "CVE-2015-4833", "CVE-2016-0595", "CVE-2015-4819", "CVE-2016-0503", "CVE-2015-4807", "CVE-2016-0598", "CVE-2016-0502", "CVE-2016-0601", "CVE-2015-4766", "CVE-2015-4836", "CVE-2015-4861", "CVE-2016-0607", "CVE-2015-4870", "CVE-2016-0597", "CVE-2015-4826", "CVE-2015-4862", "CVE-2015-7744", "CVE-2015-4890", "CVE-2016-0505"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mysql56-libs", "p-cpe:/a:amazon:linux:mysql56-embedded", "p-cpe:/a:amazon:linux:mysql56-errmsg", "p-cpe:/a:amazon:linux:mysql56-test", "p-cpe:/a:amazon:linux:mysql56", "p-cpe:/a:amazon:linux:mysql56-embedded-devel", "p-cpe:/a:amazon:linux:mysql56-bench", "p-cpe:/a:amazon:linux:mysql56-common", "p-cpe:/a:amazon:linux:mysql56-devel", "p-cpe:/a:amazon:linux:mysql56-debuginfo", "p-cpe:/a:amazon:linux:mysql56-server", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-684.NASL", "href": "https://www.tenable.com/plugins/nessus/90366", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-684.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90366);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n 
script_cve_id(\"CVE-2015-4766\", \"CVE-2015-4791\", \"CVE-2015-4792\", \"CVE-2015-4800\", \"CVE-2015-4802\", \"CVE-2015-4807\", \"CVE-2015-4815\", \"CVE-2015-4819\", \"CVE-2015-4826\", \"CVE-2015-4830\", \"CVE-2015-4833\", \"CVE-2015-4836\", \"CVE-2015-4858\", \"CVE-2015-4861\", \"CVE-2015-4862\", \"CVE-2015-4864\", \"CVE-2015-4866\", \"CVE-2015-4870\", \"CVE-2015-4879\", \"CVE-2015-4890\", \"CVE-2015-4895\", \"CVE-2015-4904\", \"CVE-2015-4905\", \"CVE-2015-4910\", \"CVE-2015-4913\", \"CVE-2015-7744\", \"CVE-2016-0502\", \"CVE-2016-0503\", \"CVE-2016-0504\", \"CVE-2016-0505\", \"CVE-2016-0546\", \"CVE-2016-0594\", \"CVE-2016-0595\", \"CVE-2016-0596\", \"CVE-2016-0597\", \"CVE-2016-0598\", \"CVE-2016-0599\", \"CVE-2016-0600\", \"CVE-2016-0601\", \"CVE-2016-0605\", \"CVE-2016-0606\", \"CVE-2016-0607\", \"CVE-2016-0608\", \"CVE-2016-0609\", \"CVE-2016-0610\", \"CVE-2016-0611\", \"CVE-2016-0616\");\n script_xref(name:\"ALAS\", value:\"2016-684\");\n\n script_name(english:\"Amazon Linux AMI : mysql56 (ALAS-2016-684)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults\nassociated with the Chinese Remainder Theorem (CRT) process when\nallowing ephemeral key exchange without low memory optimizations on a\nserver, which makes it easier for remote attackers to obtain private\nRSA keys by capturing TLS handshakes, also known as a Lenstra attack.\n(CVE-2015-7744)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier\nallows remote authenticated users to affect integrity via unknown\nvectors related to Server : Security : Privileges. 
(CVE-2015-4864)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : InnoDB. (CVE-2015-4866)\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier,\nand 5.6.26 and earlier, allows remote authenticated users to affect\navailability via unknown vectors related to Server : InnoDB.\n(CVE-2015-4861)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to DML. (CVE-2015-4862)\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Optimizer. (CVE-2016-0616)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Memcached. (CVE-2015-4910)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to Server : DML, a different vulnerability than CVE-2015-4858\n. (CVE-2015-4913)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to InnoDB. (CVE-2016-0610)\n\nUnspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML. (CVE-2016-0594)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML. (CVE-2016-0595)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML. 
(CVE-2016-0596)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Optimizer. (CVE-2016-0597)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML. (CVE-2016-0598)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Partition, a different vulnerability than\nCVE-2015-4802 . (CVE-2015-4792)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Security : Privileges. (CVE-2015-4791)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier,\nwhen running on Windows, allows remote authenticated users to affect\navailability via unknown vectors related to Server : Query Cache.\n(CVE-2015-4807)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier,\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Parser. (CVE-2015-4870)\n\nUnspecified vulnerability in Oracle MySQL 5.7.9 allows remote\nauthenticated users to affect availability via unknown vectors related\nto Optimizer. (CVE-2016-0599)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nlocal users to affect confidentiality, integrity, and availability via\nunknown vectors related to Client. (CVE-2016-0546)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to DML, a different vulnerability than CVE-2015-4913 .\n(CVE-2015-4858)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to Server : DDL. 
(CVE-2015-4815)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Partition. (CVE-2015-4833)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect integrity via unknown\nvectors related to Server : Security : Privileges. (CVE-2015-4830)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : SP. (CVE-2015-4836)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto UDF. (CVE-2016-0608)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to privileges. (CVE-2016-0609)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Options. (CVE-2016-0505)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML, a different vulnerability than CVE-2016-0503 . (CVE-2016-0504)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Replication. (CVE-2015-4890)\n\nUnspecified vulnerability in Oracle MySQL 5.7.9 allows remote\nauthenticated users to affect availability via unknown vectors related\nto Partition. (CVE-2016-0601)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to libmysqld. 
(CVE-2015-4904)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier\nallows remote authenticated users to affect availability via vectors\nrelated to Server : DML. (CVE-2015-4905)\n\nUnspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows\nremote authenticated users to affect availability via unknown vectors.\n(CVE-2016-0605)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect integrity via unknown vectors\nrelated to encryption. (CVE-2016-0606)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows local users to affect availability via unknown vectors related\nto Server : Security : Firewall. (CVE-2015-4766)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Optimizer. (CVE-2016-0611)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to replication. (CVE-2016-0607)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows local users to affect confidentiality, integrity, and\navailability via unknown vectors related to Client programs.\n(CVE-2015-4819)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows remote authenticated users to affect confidentiality,\nintegrity, and availability via vectors related to DML.\n(CVE-2015-4879)\n\nUnspecified vulnerability in Oracle MySQL 5.6.11 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to Optimizer. (CVE-2016-0502)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : InnoDB. 
(CVE-2015-4895)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via vectors related\nto DML, a different vulnerability than CVE-2016-0504 . (CVE-2016-0503)\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows\nremote authenticated users to affect availability via unknown vectors\nrelated to InnoDB. (CVE-2016-0600)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Partition, a different vulnerability than\nCVE-2015-4792 . (CVE-2015-4802)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect availability via unknown\nvectors related to Server : Optimizer. (CVE-2015-4800)\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier\nallows remote authenticated users to affect confidentiality via\nunknown vectors related to Server : Types. 
(CVE-2015-4826)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-684.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mysql56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2016/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-bench-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-common-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-debuginfo-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-devel-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-embedded-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-embedded-devel-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"mysql56-errmsg-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-libs-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-server-5.6.29-1.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-test-5.6.29-1.14.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql56 / mysql56-bench / mysql56-common / mysql56-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4792", "CVE-2015-4802", "CVE-2015-4807", "CVE-2015-4815", "CVE-2015-4816", "CVE-2015-4819", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4836", "CVE-2015-4858", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4879", "CVE-2015-4895", "CVE-2015-4913", "CVE-2015-7744", "CVE-2016-0502", "CVE-2016-0503", "CVE-2016-0504", "CVE-2016-0505", "CVE-2016-0546", "CVE-2016-0594", "CVE-2016-0595", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0599", "CVE-2016-0600", "CVE-2016-0601", "CVE-2016-0605", "CVE-2016-0606", "CVE-2016-0607", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0610", "CVE-2016-0611", "CVE-2016-0616"], "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. 
", "modified": "2016-03-05T22:51:47", "published": "2016-03-05T22:51:47", "id": "FEDORA:2C4E6617FD66", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: mariadb-10.0.23-1.fc22", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4792", "CVE-2015-4802", "CVE-2015-4807", "CVE-2015-4815", "CVE-2015-4816", "CVE-2015-4819", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4836", "CVE-2015-4858", "CVE-2015-4861", "CVE-2015-4870", "CVE-2015-4879", "CVE-2015-4895", "CVE-2015-4913", "CVE-2015-7744", "CVE-2016-0502", "CVE-2016-0503", "CVE-2016-0504", "CVE-2016-0505", "CVE-2016-0546", "CVE-2016-0594", "CVE-2016-0595", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0599", "CVE-2016-0600", "CVE-2016-0601", "CVE-2016-0605", "CVE-2016-0606", "CVE-2016-0607", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0610", "CVE-2016-0611", "CVE-2016-0616"], "description": "MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. 
", "modified": "2016-02-21T16:34:44", "published": "2016-02-21T16:34:44", "id": "FEDORA:0994E61361B1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: mariadb-10.0.23-1.fc23", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4766", "CVE-2015-4791", "CVE-2015-4792", "CVE-2015-4800", "CVE-2015-4802", "CVE-2015-4807", "CVE-2015-4815", "CVE-2015-4819", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4833", "CVE-2015-4836", "CVE-2015-4858", "CVE-2015-4861", "CVE-2015-4862", "CVE-2015-4864", "CVE-2015-4866", "CVE-2015-4870", "CVE-2015-4879", "CVE-2015-4890", "CVE-2015-4895", "CVE-2015-4904", "CVE-2015-4905", "CVE-2015-4910", "CVE-2015-4913", "CVE-2015-7744", "CVE-2016-0502", "CVE-2016-0503", "CVE-2016-0504", "CVE-2016-0505", "CVE-2016-0546", "CVE-2016-0594", "CVE-2016-0595", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0599", "CVE-2016-0600", "CVE-2016-0601", "CVE-2016-0605", "CVE-2016-0606", "CVE-2016-0607", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0610", "CVE-2016-0611", "CVE-2016-0616"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. 
", "modified": "2016-03-09T20:22:00", "published": "2016-03-09T20:22:00", "id": "FEDORA:9EA6660762B4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: community-mysql-5.6.29-1.fc23", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4766", "CVE-2015-4791", "CVE-2015-4792", "CVE-2015-4800", "CVE-2015-4802", "CVE-2015-4807", "CVE-2015-4815", "CVE-2015-4819", "CVE-2015-4826", "CVE-2015-4830", "CVE-2015-4833", "CVE-2015-4836", "CVE-2015-4858", "CVE-2015-4861", "CVE-2015-4862", "CVE-2015-4864", "CVE-2015-4866", "CVE-2015-4870", "CVE-2015-4879", "CVE-2015-4890", "CVE-2015-4895", "CVE-2015-4904", "CVE-2015-4905", "CVE-2015-4910", "CVE-2015-4913", "CVE-2015-7744", "CVE-2016-0502", "CVE-2016-0503", "CVE-2016-0504", "CVE-2016-0505", "CVE-2016-0546", "CVE-2016-0594", "CVE-2016-0595", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0599", "CVE-2016-0600", "CVE-2016-0601", "CVE-2016-0605", "CVE-2016-0606", "CVE-2016-0607", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0610", "CVE-2016-0611", "CVE-2016-0616"], "description": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. 
", "modified": "2016-03-09T20:17:15", "published": "2016-03-09T20:17:15", "id": "FEDORA:B323460B0848", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: community-mysql-5.6.29-1.fc22", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:37:08", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2016-0608", "CVE-2016-0600", "CVE-2015-4830", "CVE-2016-0611", "CVE-2016-0599", "CVE-2015-4913", "CVE-2016-0594", "CVE-2015-4864", "CVE-2016-0546", "CVE-2015-4910", "CVE-2016-0605", "CVE-2015-4858", "CVE-2015-4802", "CVE-2016-0606", "CVE-2015-4815", "CVE-2016-0616", "CVE-2015-4800", "CVE-2016-0610", "CVE-2016-0609", "CVE-2015-4791", "CVE-2015-4879", "CVE-2016-0596", "CVE-2016-0504", "CVE-2015-4792", "CVE-2015-4904", "CVE-2015-4833", "CVE-2016-0595", "CVE-2015-4819", "CVE-2016-0503", "CVE-2015-4807", "CVE-2016-0598", "CVE-2016-0502", "CVE-2016-0601", "CVE-2015-4766", "CVE-2015-4836", "CVE-2015-4861", "CVE-2016-0607", "CVE-2015-4870", "CVE-2016-0597", "CVE-2015-4826", "CVE-2015-4862", "CVE-2015-7744", "CVE-2015-4890", "CVE-2016-0505"], "description": "**Issue Overview:**\n\nwolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, also known as a Lenstra attack. ([CVE-2015-7744 __](<https://access.redhat.com/security/cve/CVE-2015-7744>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. 
([CVE-2015-4864 __](<https://access.redhat.com/security/cve/CVE-2015-4864>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. ([CVE-2015-4866 __](<https://access.redhat.com/security/cve/CVE-2015-4866>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. ([CVE-2015-4861 __](<https://access.redhat.com/security/cve/CVE-2015-4861>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2015-4862 __](<https://access.redhat.com/security/cve/CVE-2015-4862>))\n\nUnspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0616 __](<https://access.redhat.com/security/cve/CVE-2016-0616>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. ([CVE-2015-4910 __](<https://access.redhat.com/security/cve/CVE-2015-4910>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than [CVE-2015-4858 __](<https://access.redhat.com/security/cve/CVE-2015-4858>). ([CVE-2015-4913 __](<https://access.redhat.com/security/cve/CVE-2015-4913>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. 
([CVE-2016-0610 __](<https://access.redhat.com/security/cve/CVE-2016-0610>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2016-0594 __](<https://access.redhat.com/security/cve/CVE-2016-0594>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2016-0595 __](<https://access.redhat.com/security/cve/CVE-2016-0595>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2016-0596 __](<https://access.redhat.com/security/cve/CVE-2016-0596>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0597 __](<https://access.redhat.com/security/cve/CVE-2016-0597>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. ([CVE-2016-0598 __](<https://access.redhat.com/security/cve/CVE-2016-0598>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than [CVE-2015-4802 __](<https://access.redhat.com/security/cve/CVE-2015-4802>). ([CVE-2015-4792 __](<https://access.redhat.com/security/cve/CVE-2015-4792>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. 
([CVE-2015-4791 __](<https://access.redhat.com/security/cve/CVE-2015-4791>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache. ([CVE-2015-4807 __](<https://access.redhat.com/security/cve/CVE-2015-4807>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. ([CVE-2015-4870 __](<https://access.redhat.com/security/cve/CVE-2015-4870>))\n\nUnspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0599 __](<https://access.redhat.com/security/cve/CVE-2016-0599>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. ([CVE-2016-0546 __](<https://access.redhat.com/security/cve/CVE-2016-0546>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than [CVE-2015-4913 __](<https://access.redhat.com/security/cve/CVE-2015-4913>). ([CVE-2015-4858 __](<https://access.redhat.com/security/cve/CVE-2015-4858>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. ([CVE-2015-4815 __](<https://access.redhat.com/security/cve/CVE-2015-4815>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. 
([CVE-2015-4833 __](<https://access.redhat.com/security/cve/CVE-2015-4833>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. ([CVE-2015-4830 __](<https://access.redhat.com/security/cve/CVE-2015-4830>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP. ([CVE-2015-4836 __](<https://access.redhat.com/security/cve/CVE-2015-4836>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to UDF. ([CVE-2016-0608 __](<https://access.redhat.com/security/cve/CVE-2016-0608>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to privileges. ([CVE-2016-0609 __](<https://access.redhat.com/security/cve/CVE-2016-0609>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Options. ([CVE-2016-0505 __](<https://access.redhat.com/security/cve/CVE-2016-0505>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than [CVE-2016-0503 __](<https://access.redhat.com/security/cve/CVE-2016-0503>). ([CVE-2016-0504 __](<https://access.redhat.com/security/cve/CVE-2016-0504>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication. 
([CVE-2015-4890 __](<https://access.redhat.com/security/cve/CVE-2015-4890>))\n\nUnspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Partition. ([CVE-2016-0601 __](<https://access.redhat.com/security/cve/CVE-2016-0601>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld. ([CVE-2015-4904 __](<https://access.redhat.com/security/cve/CVE-2015-4904>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML. ([CVE-2015-4905 __](<https://access.redhat.com/security/cve/CVE-2015-4905>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. ([CVE-2016-0605 __](<https://access.redhat.com/security/cve/CVE-2016-0605>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect integrity via unknown vectors related to encryption. ([CVE-2016-0606 __](<https://access.redhat.com/security/cve/CVE-2016-0606>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall. ([CVE-2015-4766 __](<https://access.redhat.com/security/cve/CVE-2015-4766>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0611 __](<https://access.redhat.com/security/cve/CVE-2016-0611>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to replication. 
([CVE-2016-0607 __](<https://access.redhat.com/security/cve/CVE-2016-0607>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs. ([CVE-2015-4819 __](<https://access.redhat.com/security/cve/CVE-2015-4819>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. ([CVE-2015-4879 __](<https://access.redhat.com/security/cve/CVE-2015-4879>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ([CVE-2016-0502 __](<https://access.redhat.com/security/cve/CVE-2016-0502>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. ([CVE-2015-4895 __](<https://access.redhat.com/security/cve/CVE-2015-4895>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than [CVE-2016-0504 __](<https://access.redhat.com/security/cve/CVE-2016-0504>). ([CVE-2016-0503 __](<https://access.redhat.com/security/cve/CVE-2016-0503>))\n\nUnspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. ([CVE-2016-0600 __](<https://access.redhat.com/security/cve/CVE-2016-0600>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than [CVE-2015-4792 __](<https://access.redhat.com/security/cve/CVE-2015-4792>). 
([CVE-2015-4802 __](<https://access.redhat.com/security/cve/CVE-2015-4802>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. ([CVE-2015-4800 __](<https://access.redhat.com/security/cve/CVE-2015-4800>))\n\nUnspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. ([CVE-2015-4826 __](<https://access.redhat.com/security/cve/CVE-2015-4826>)) \n\n\n \n**Affected Packages:** \n\n\nmysql56\n\n \n**Issue Correction:** \nRun _yum update mysql56_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mysql56-debuginfo-5.6.29-1.14.amzn1.i686 \n mysql56-common-5.6.29-1.14.amzn1.i686 \n mysql56-test-5.6.29-1.14.amzn1.i686 \n mysql56-errmsg-5.6.29-1.14.amzn1.i686 \n mysql56-server-5.6.29-1.14.amzn1.i686 \n mysql56-devel-5.6.29-1.14.amzn1.i686 \n mysql56-5.6.29-1.14.amzn1.i686 \n mysql56-libs-5.6.29-1.14.amzn1.i686 \n mysql56-bench-5.6.29-1.14.amzn1.i686 \n mysql56-embedded-devel-5.6.29-1.14.amzn1.i686 \n mysql56-embedded-5.6.29-1.14.amzn1.i686 \n \n src: \n mysql56-5.6.29-1.14.amzn1.src \n \n x86_64: \n mysql56-test-5.6.29-1.14.amzn1.x86_64 \n mysql56-bench-5.6.29-1.14.amzn1.x86_64 \n mysql56-server-5.6.29-1.14.amzn1.x86_64 \n mysql56-5.6.29-1.14.amzn1.x86_64 \n mysql56-devel-5.6.29-1.14.amzn1.x86_64 \n mysql56-errmsg-5.6.29-1.14.amzn1.x86_64 \n mysql56-embedded-5.6.29-1.14.amzn1.x86_64 \n mysql56-debuginfo-5.6.29-1.14.amzn1.x86_64 \n mysql56-libs-5.6.29-1.14.amzn1.x86_64 \n mysql56-common-5.6.29-1.14.amzn1.x86_64 \n mysql56-embedded-devel-5.6.29-1.14.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2016-04-06T14:40:00", "published": "2016-04-06T14:40:00", "id": "ALAS-2016-684", "href": "https://alas.aws.amazon.com/ALAS-2016-684.html", "title": "Important: mysql56", "type": "amazon", "cvss": {"score": 7.2, "vector": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2019-05-29T18:20:52", "bulletinFamily": "software", "cvelist": ["CVE-2016-0571", "CVE-2016-0528", "CVE-2015-6013", "CVE-2015-4000", "CVE-2016-0608", "CVE-2016-0515", "CVE-2016-0514", "CVE-2016-0600", "CVE-2015-1792", "CVE-2016-0492", "CVE-2016-0611", "CVE-2016-0575", "CVE-2016-0544", "CVE-2016-0599", "CVE-2015-0235", "CVE-2016-0445", "CVE-2016-0500", "CVE-2016-0572", "CVE-2015-1793", "CVE-2016-0592", "CVE-2016-0435", "CVE-2016-0512", "CVE-2015-8126", "CVE-2016-0526", "CVE-2016-0457", "CVE-2016-0594", "CVE-2016-0498", "CVE-2016-0516", "CVE-2016-0580", "CVE-2016-0470", "CVE-2016-0444", "CVE-2016-0577", "CVE-2016-0440", "CVE-2016-0546", "CVE-2015-1789", "CVE-2016-0541", "CVE-2016-0560", "CVE-2016-0428", "CVE-2016-0447", "CVE-2016-0477", "CVE-2016-0568", "CVE-2016-0415", "CVE-2015-0286", "CVE-2016-0489", "CVE-2016-0559", "CVE-2016-0472", "CVE-2016-0578", "CVE-2016-0579", "CVE-2016-0561", "CVE-2014-3583", "CVE-2016-0412", "CVE-2015-3195", "CVE-2016-0449", "CVE-2016-0555", "CVE-2016-0481", "CVE-2016-0511", "CVE-2016-0605", "CVE-2015-4885", "CVE-2016-0455", "CVE-2015-4921", "CVE-2016-0534", "CVE-2016-0414", "CVE-2015-4924", "CVE-2016-0589", "CVE-2016-0474", "CVE-2016-0508", "CVE-2016-0465", "CVE-2016-0553", "CVE-2016-0582", "CVE-2016-0483", "CVE-2013-5855", "CVE-2016-0517", "CVE-2013-5704", "CVE-2016-0454", "CVE-2015-0288", "CVE-2016-0486", "CVE-2013-5605", "CVE-2016-0554", "CVE-2016-0542", "CVE-2016-0591", "CVE-2016-0433", "CVE-2016-0448", "CVE-2016-0506", "CVE-2016-0401", "CVE-2016-0416", "CVE-2016-0437", "CVE-2016-0550", "CVE-2016-0533", "CVE-2016-0403", "CVE-2015-4922", "CVE-2016-0566", "CVE-2016-0606", "CVE-2016-0510", "CVE-2016-0431", "CVE-2015-0285", "CVE-2016-0569", "CVE-2016-0459", "CVE-2016-0471", "CVE-2016-0564", "CVE-2016-0524", "CVE-2016-0563", "CVE-2016-0522", "CVE-2015-3153", "CVE-2016-0616", "CVE-2016-0614", "CVE-2013-1741", "CVE-2015-0207", "CVE-2016-0442", "CVE-2016-0493", "CVE-2016-0443", 
"CVE-2016-0618", "CVE-2016-0573", "CVE-2016-0527", "CVE-2016-0610", "CVE-2016-0609", "CVE-2016-0570", "CVE-2015-4926", "CVE-2015-0208", "CVE-2015-5307", "CVE-2016-0473", "CVE-2016-0518", "CVE-2013-1740", "CVE-2016-0567", "CVE-2015-7575", "CVE-2016-0558", "CVE-2016-0543", "CVE-2016-0463", "CVE-2016-0487", "CVE-2013-1739", "CVE-2016-0466", "CVE-2016-0462", "CVE-2016-0423", "CVE-2016-0596", "CVE-2016-0535", "CVE-2016-0509", "CVE-2016-0574", "CVE-2014-1492", "CVE-2016-0426", "CVE-2016-0460", "CVE-2016-0504", "CVE-2016-0521", "CVE-2016-0501", "CVE-2013-5606", "CVE-2016-0451", "CVE-2016-0482", "CVE-2015-4808", "CVE-2016-0539", "CVE-2014-0050", "CVE-2016-0404", "CVE-2016-0419", "CVE-2016-0494", "CVE-2015-0293", "CVE-2016-0552", "CVE-2016-0485", "CVE-2014-1490", "CVE-2016-0595", "CVE-2016-0402", "CVE-2016-0480", "CVE-2016-0478", "CVE-2016-0427", "CVE-2015-4919", "CVE-2016-0529", "CVE-2015-7183", "CVE-2016-0503", "CVE-2015-1788", "CVE-2016-0413", "CVE-2016-0476", "CVE-2016-0598", "CVE-2016-0556", "CVE-2015-0209", "CVE-2016-0422", "CVE-2016-0502", "CVE-2016-0601", "CVE-2013-2186", "CVE-2015-3183", "CVE-2015-4920", "CVE-2016-0441", "CVE-2016-0432", "CVE-2016-0484", "CVE-2016-0536", "CVE-2016-0576", "CVE-2015-0204", "CVE-2016-0540", "CVE-2016-0584", "CVE-2016-0537", "CVE-2016-0590", "CVE-2016-0565", "CVE-2016-0420", "CVE-2016-0557", "CVE-2016-0586", "CVE-2016-0417", "CVE-2016-0491", "CVE-2016-0424", "CVE-2015-8472", "CVE-2016-0450", "CVE-2016-0495", "CVE-2016-0520", "CVE-2016-0405", "CVE-2016-0488", "CVE-2015-1790", "CVE-2016-0525", "CVE-2016-0475", "CVE-2016-0499", "CVE-2016-0452", "CVE-2015-6014", "CVE-2016-0548", "CVE-2016-0519", "CVE-2016-0587", "CVE-2016-0461", "CVE-2016-0464", "CVE-2016-0409", "CVE-2016-0438", "CVE-2015-0291", "CVE-2016-0429", "CVE-2016-0497", "CVE-2014-3581", "CVE-2016-0607", "CVE-2015-8370", "CVE-2016-0439", "CVE-2015-0287", "CVE-2014-8109", "CVE-2016-0530", "CVE-2016-0456", "CVE-2016-0496", "CVE-2016-0551", "CVE-2016-0425", "CVE-2016-0421", 
"CVE-2016-0523", "CVE-2016-0430", "CVE-2015-0289", "CVE-2016-0597", "CVE-2016-0467", "CVE-2016-0581", "CVE-2016-0549", "CVE-2016-0458", "CVE-2014-1491", "CVE-2016-0538", "CVE-2016-0531", "CVE-2015-0292", "CVE-2016-0583", "CVE-2016-0411", "CVE-2016-0507", "CVE-2016-0490", "CVE-2016-0418", "CVE-2014-0107", "CVE-2016-0453", "CVE-2015-7744", "CVE-2016-0513", "CVE-2016-0436", "CVE-2016-0547", "CVE-2016-0588", "CVE-2015-0290", "CVE-2016-0434", "CVE-2016-0446", "CVE-2015-1787", "CVE-2016-0505", "CVE-2015-4852", "CVE-2016-0562", "CVE-2016-0585", "CVE-2015-4923", "CVE-2016-0406", "CVE-2015-1791", "CVE-2015-8104", "CVE-2016-0532", "CVE-2015-4925", "CVE-2015-6015", "CVE-2016-0545", "CVE-2016-0602"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 248 new security fixes across the product families listed below. 
Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\n**Please note that on November 10, 2015, Oracle released [Security Alert for CVE-2015-4852](<http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-4852.**\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2016-02-12T00:00:00", "published": "2016-01-19T00:00:00", "id": "ORACLE:CPUJAN2016-2367955", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - January 2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:15:56", "bulletinFamily": "software", "cvelist": ["CVE-2013-1739", "CVE-2013-1740", "CVE-2013-1741", "CVE-2013-2186", "CVE-2013-5605", "CVE-2013-5606", "CVE-2013-5704", "CVE-2013-5855", "CVE-2014-0050", "CVE-2014-0107", "CVE-2014-1490", "CVE-2014-1491", "CVE-2014-1492", "CVE-2014-3581", "CVE-2014-3583", "CVE-2014-8109", "CVE-2015-0204", "CVE-2015-0207", "CVE-2015-0208", "CVE-2015-0209", "CVE-2015-0235", "CVE-2015-0285", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0290", "CVE-2015-0291", "CVE-2015-0292", "CVE-2015-0293", "CVE-2015-1787", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1793", "CVE-2015-3153", "CVE-2015-3183", "CVE-2015-3195", "CVE-2015-4000", "CVE-2015-4808", "CVE-2015-4852", "CVE-2015-4885", "CVE-2015-4919", "CVE-2015-4920", "CVE-2015-4921", "CVE-2015-4922", 
"CVE-2015-4923", "CVE-2015-4924", "CVE-2015-4925", "CVE-2015-4926", "CVE-2015-5307", "CVE-2015-6013", "CVE-2015-6014", "CVE-2015-6015", "CVE-2015-7183", "CVE-2015-7575", "CVE-2015-7744", "CVE-2015-8104", "CVE-2015-8126", "CVE-2015-8370", "CVE-2015-8472", "CVE-2016-0401", "CVE-2016-0402", "CVE-2016-0403", "CVE-2016-0404", "CVE-2016-0405", "CVE-2016-0406", "CVE-2016-0409", "CVE-2016-0411", "CVE-2016-0412", "CVE-2016-0413", "CVE-2016-0414", "CVE-2016-0415", "CVE-2016-0416", "CVE-2016-0417", "CVE-2016-0418", "CVE-2016-0419", "CVE-2016-0420", "CVE-2016-0421", "CVE-2016-0422", "CVE-2016-0423", "CVE-2016-0424", "CVE-2016-0425", "CVE-2016-0426", "CVE-2016-0427", "CVE-2016-0428", "CVE-2016-0429", "CVE-2016-0430", "CVE-2016-0431", "CVE-2016-0432", "CVE-2016-0433", "CVE-2016-0434", "CVE-2016-0435", "CVE-2016-0436", "CVE-2016-0437", "CVE-2016-0438", "CVE-2016-0439", "CVE-2016-0440", "CVE-2016-0441", "CVE-2016-0442", "CVE-2016-0443", "CVE-2016-0444", "CVE-2016-0445", "CVE-2016-0446", "CVE-2016-0447", "CVE-2016-0448", "CVE-2016-0449", "CVE-2016-0450", "CVE-2016-0451", "CVE-2016-0452", "CVE-2016-0453", "CVE-2016-0454", "CVE-2016-0455", "CVE-2016-0456", "CVE-2016-0457", "CVE-2016-0458", "CVE-2016-0459", "CVE-2016-0460", "CVE-2016-0461", "CVE-2016-0462", "CVE-2016-0463", "CVE-2016-0464", "CVE-2016-0465", "CVE-2016-0466", "CVE-2016-0467", "CVE-2016-0470", "CVE-2016-0471", "CVE-2016-0472", "CVE-2016-0473", "CVE-2016-0474", "CVE-2016-0475", "CVE-2016-0476", "CVE-2016-0477", "CVE-2016-0478", "CVE-2016-0480", "CVE-2016-0481", "CVE-2016-0482", "CVE-2016-0483", "CVE-2016-0484", "CVE-2016-0485", "CVE-2016-0486", "CVE-2016-0487", "CVE-2016-0488", "CVE-2016-0489", "CVE-2016-0490", "CVE-2016-0491", "CVE-2016-0492", "CVE-2016-0493", "CVE-2016-0494", "CVE-2016-0495", "CVE-2016-0496", "CVE-2016-0497", "CVE-2016-0498", "CVE-2016-0499", "CVE-2016-0500", "CVE-2016-0501", "CVE-2016-0502", "CVE-2016-0503", "CVE-2016-0504", "CVE-2016-0505", "CVE-2016-0506", "CVE-2016-0507", "CVE-2016-0508", 
"CVE-2016-0509", "CVE-2016-0510", "CVE-2016-0511", "CVE-2016-0512", "CVE-2016-0513", "CVE-2016-0514", "CVE-2016-0515", "CVE-2016-0516", "CVE-2016-0517", "CVE-2016-0518", "CVE-2016-0519", "CVE-2016-0520", "CVE-2016-0521", "CVE-2016-0522", "CVE-2016-0523", "CVE-2016-0524", "CVE-2016-0525", "CVE-2016-0526", "CVE-2016-0527", "CVE-2016-0528", "CVE-2016-0529", "CVE-2016-0530", "CVE-2016-0531", "CVE-2016-0532", "CVE-2016-0533", "CVE-2016-0534", "CVE-2016-0535", "CVE-2016-0536", "CVE-2016-0537", "CVE-2016-0538", "CVE-2016-0539", "CVE-2016-0540", "CVE-2016-0541", "CVE-2016-0542", "CVE-2016-0543", "CVE-2016-0544", "CVE-2016-0545", "CVE-2016-0546", "CVE-2016-0547", "CVE-2016-0548", "CVE-2016-0549", "CVE-2016-0550", "CVE-2016-0551", "CVE-2016-0552", "CVE-2016-0553", "CVE-2016-0554", "CVE-2016-0555", "CVE-2016-0556", "CVE-2016-0557", "CVE-2016-0558", "CVE-2016-0559", "CVE-2016-0560", "CVE-2016-0561", "CVE-2016-0562", "CVE-2016-0563", "CVE-2016-0564", "CVE-2016-0565", "CVE-2016-0566", "CVE-2016-0567", "CVE-2016-0568", "CVE-2016-0569", "CVE-2016-0570", "CVE-2016-0571", "CVE-2016-0572", "CVE-2016-0573", "CVE-2016-0574", "CVE-2016-0575", "CVE-2016-0576", "CVE-2016-0577", "CVE-2016-0578", "CVE-2016-0579", "CVE-2016-0580", "CVE-2016-0581", "CVE-2016-0582", "CVE-2016-0583", "CVE-2016-0584", "CVE-2016-0585", "CVE-2016-0586", "CVE-2016-0587", "CVE-2016-0588", "CVE-2016-0589", "CVE-2016-0590", "CVE-2016-0591", "CVE-2016-0592", "CVE-2016-0594", "CVE-2016-0595", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0599", "CVE-2016-0600", "CVE-2016-0601", "CVE-2016-0602", "CVE-2016-0605", "CVE-2016-0606", "CVE-2016-0607", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0610", "CVE-2016-0611", "CVE-2016-0614", "CVE-2016-0616", "CVE-2016-0618"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. 
Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 248 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n**Please note that on November 10, 2015, Oracle released Security Alert for CVE-2015-4852. Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-4852.**\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: https://www.oracle.com/security-alerts/cpufaq.html#CVRF.\n", "modified": "2016-02-12T00:00:00", "published": "2016-01-19T00:00:00", "id": "ORACLE:CPUJAN2016", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - January 2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}