Oracle MySQL 5.7.x < 5.7.15 Multiple Vulnerabilities

The version of MySQL installed on the remote host is version 5.7.x prior to 5.7.15 and is affected by multiple issues :

• A flaw exists related to the way ‘REPAIR TABLE’ uses temporary files. This may allow an authenticated attacker to gain elevated privileges.
• A flaw exists in InnoDB that is triggered during the handling of an operation that dropped and created a full-text search table. This may allow an authenticated attacker to trigger an assertion and cause a denial of service.
• A flaw exists in InnoDB that is triggered when accessing full-text search auxiliary tables while dropping the indexed table. This may allow an authenticated attacker to trigger an assertion and cause a denial of service.
• An overflow condition exists that is triggered as certain input is not properly validated when handling long integer values in ‘MEDIUMINT’ columns. This may allow an authenticated attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
• A flaw exists in the ‘validate_password’ plugin that is triggered as rejected passwords are logged in plaintext on the error log. This may allow a local attacker to gain access to passwords that did not meet the password policy, but may potentially be very close to the password ultimately chosen and accepted.
• A flaw exists in InnoDB that is triggered during the handling of an ‘ALTER TABLE … ENCRYPTION=Y, ALGORITHM=COPY’ operation on a table residing in the system tablespace. This may allow an authenticated attacker to crash the server.
• An unspecified flaw exists related to the Optimizer subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2016-3492)
• An unspecified flaw exists related to the InnoDB subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2016-5507)
• An unspecified flaw exists related to the MyISAM subcomponent. This may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor. (CVE-2016-5616)
• An unspecified flaw exists related to the Error Handling subcomponent. This may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor. (CVE-2016-5617)
• An unspecified flaw exists related to the Packaging subcomponent. This may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor. (CVE-2016-5625)
• An unspecified flaw exists related to the GIS subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2016-5626)
• An unspecified flaw exists related to the Federated subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2016-5629)
• An unspecified flaw exists related to the Optimizer subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (2016-5632)
• An unspecified flaw exists related to the Types subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor. (CVE-2016-8283)
• An unspecified flaw exists related to the Security: Privileges subcomponent. This may allow an authenticated remote attacker to disclose potentially sensitive information. No further details have been provided by the vendor. (CVE-2016-8286)