FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  485185
Date:      2018-11-17
Time:      18:00:17Z
Committer: joneum


These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description

c41bedfd-b3f9-11e7-ac58-b499baebfeaf | MySQL -- multiple vulnerabilities

Oracle reports:

Please reference CVE/URL list for details


Discovery 2017-10-18
Entry 2017-10-18
Modified 2017-12-23
mariadb55-server
lt 5.5.58

mariadb100-server
lt 10.0.33

mariadb101-server
lt 10.1.29

mariadb102-server
lt 10.2.10

mysql55-server
lt 5.5.58

mysql56-server
lt 5.6.38

mysql57-server
lt 5.7.20

percona55-server
lt 5.5.58

percona56-server
lt 5.6.38

percona57-server
lt 5.7.20

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10155
CVE-2017-10379
CVE-2017-10384
CVE-2017-10276
CVE-2017-10167
CVE-2017-10378
CVE-2017-10277
CVE-2017-10203
CVE-2017-10283
CVE-2017-10313
CVE-2017-10296
CVE-2017-10311
CVE-2017-10320
CVE-2017-10314
CVE-2017-10227
CVE-2017-10279
CVE-2017-10294
CVE-2017-10165
CVE-2017-10284
CVE-2017-10286
CVE-2017-10268
CVE-2017-10365

57aec168-453e-11e8-8777-b499baebfeaf | MySQL -- multiple vulnerabilities

Oracle reports:

MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Access Data and Gain Elevated Privileges

  • A local user can exploit a flaw in the Replication component to gain elevated privileges [CVE-2018-2755].
  • A remote authenticated user can exploit a flaw in the GIS Extension component to cause denial of service conditions [CVE-2018-2805].
  • A remote authenticated user can exploit a flaw in the InnoDB component to cause denial of service conditions [CVE-2018-2782, CVE-2018-2784, CVE-2018-2819].
  • A remote authenticated user can exploit a flaw in the Security Privileges component to cause denial of service conditions [CVE-2018-2758, CVE-2018-2818].
  • A remote authenticated user can exploit a flaw in the DDL component to cause denial of service conditions [CVE-2018-2817].
  • A remote authenticated user can exploit a flaw in the Optimizer component to cause denial of service conditions [CVE-2018-2775, CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781, CVE-2018-2816].
  • A remote user can exploit a flaw in the Client programs component to cause denial of service conditions [CVE-2018-2761, CVE-2018-2773].
  • A remote authenticated user can exploit a flaw in the InnoDB component to partially modify data and cause denial of service conditions [CVE-2018-2786, CVE-2018-2787].
  • A remote authenticated user can exploit a flaw in the Optimizer component to partially modify data and cause denial of service conditions [CVE-2018-2812].
  • A local user can exploit a flaw in the Cluster ndbcluster/plugin component to cause denial of service conditions [CVE-2018-2877].
  • A remote authenticated user can exploit a flaw in the InnoDB component to cause denial of service conditions [CVE-2018-2759, CVE-2018-2766, CVE-2018-2777, CVE-2018-2810].
  • A remote authenticated user can exploit a flaw in the DML component to cause denial of service conditions [CVE-2018-2839].
  • A remote authenticated user can exploit a flaw in the Performance Schema component to cause denial of service conditions [CVE-2018-2846].
  • A remote authenticated user can exploit a flaw in the Pluggable Auth component to cause denial of service conditions [CVE-2018-2769].
  • A remote authenticated user can exploit a flaw in the Group Replication GCS component to cause denial of service conditions [CVE-2018-2776].
  • A local user can exploit a flaw in the Connection component to cause denial of service conditions [CVE-2018-2762].
  • A remote authenticated user can exploit a flaw in the Locking component to cause denial of service conditions [CVE-2018-2771].
  • A remote authenticated user can exploit a flaw in the DDL component to partially access data [CVE-2018-2813].

Discovery 2018-04-17
Entry 2018-04-21
mariadb55-server
lt 5.5.60

mariadb100-server
lt 10.0.35

mariadb101-server
lt 10.1.33

mariadb102-server
lt 10.2.15

mysql55-server
lt 5.5.60

mysql56-server
lt 5.6.40

mysql57-server
lt 5.7.22

percona55-server
lt 5.5.60

percona56-server
lt 5.6.40

percona57-server
lt 5.7.22

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
CVE-2018-2755
CVE-2018-2805
CVE-2018-2782
CVE-2018-2784
CVE-2018-2819
CVE-2018-2758
CVE-2018-2817
CVE-2018-2775
CVE-2018-2780
CVE-2018-2761
CVE-2018-2786
CVE-2018-2787
CVE-2018-2812
CVE-2018-2877
CVE-2018-2759
CVE-2018-2766
CVE-2018-2777
CVE-2018-2810
CVE-2018-2818
CVE-2018-2839
CVE-2018-2778
CVE-2018-2779
CVE-2018-2781
CVE-2018-2816
CVE-2018-2846
CVE-2018-2769
CVE-2018-2776
CVE-2018-2762
CVE-2018-2771
CVE-2018-2813
CVE-2018-2773

d9e01c35-2531-11e7-b291-b499baebfeaf | MySQL -- multiple vulnerabilities

Oracle reports:

This Critical Patch Update contains 39 new security fixes for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.


Discovery 2017-04-19
Entry 2017-04-19
mariadb55-server
lt 5.5.55

mariadb100-server
lt 10.0.31

mariadb101-server
lt 10.1.23

mysql55-server
lt 5.5.55

mysql56-server
lt 5.6.36

mysql57-server
lt 5.7.18

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
CVE-2017-3308
CVE-2017-3309
CVE-2017-3450
CVE-2017-3599
CVE-2017-3329
CVE-2017-3600
CVE-2017-3331
CVE-2017-3453
CVE-2017-3452
CVE-2017-3454
CVE-2017-3455
CVE-2017-3305
CVE-2017-3460
CVE-2017-3456
CVE-2017-3458
CVE-2017-3457
CVE-2017-3459
CVE-2017-3463
CVE-2017-3462
CVE-2017-3461
CVE-2017-3464
CVE-2017-3465
CVE-2017-3467
CVE-2017-3468

851a0eea-88aa-11e5-90e7-b499baebfeaf | MySQL - Multiple vulnerabilities

Oracle reports:

Critical Patch Update: MySQL Server, version(s) 5.5.45 and prior, 5.6.26 and prior


Discovery 2015-11-10
Entry 2015-11-11
mariadb-client
lt 5.3.13

mariadb-server
lt 5.3.13

mariadb55-client
lt 5.5.46

mariadb55-server
lt 5.5.46

mariadb100-client
lt 10.0.22

mariadb100-server
lt 10.0.22

mysql55-client
lt 5.5.46

mysql55-server
lt 5.5.46

mysql56-client
lt 5.6.27

mysql56-server
lt 5.6.27

percona55-client
lt 5.5.46

percona55-server
lt 5.5.46

percona56-client
lt 5.6.27

percona56-server
lt 5.6.27

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4802
CVE-2015-4807
CVE-2015-4815
CVE-2015-4826
CVE-2015-4830
CVE-2015-4836
CVE-2015-4858
CVE-2015-4861
CVE-2015-4870
CVE-2015-4913
CVE-2015-4792
https://mariadb.com/kb/en/mariadb/mariadb-5546-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10022-release-notes/
https://www.percona.com/doc/percona-server/5.5/release-notes/Percona-Server-5.5.46-37.5.html
https://www.percona.com/doc/percona-server/5.6/release-notes/Percona-Server-5.6.27-75.0.html

4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf | mysql -- multiple vulnerabilities

Oracle reports:

No further details have been provided in the Critical Patch Update


Discovery 2017-01-18
Entry 2017-01-18
Modified 2017-03-14
mariadb55-server
lt 5.5.54

mariadb100-server
lt 10.0.30

mariadb101-server
lt 10.1.22

mysql55-server
lt 5.5.54

mysql56-server
lt 5.6.35

mysql57-server
lt 5.7.17

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL
CVE-2016-8318
CVE-2017-3312
CVE-2017-3258
CVE-2017-3273
CVE-2017-3244
CVE-2017-3257
CVE-2017-3238
CVE-2017-3256
CVE-2017-3291
CVE-2017-3265
CVE-2017-3251
CVE-2017-3313
CVE-2017-3243
CVE-2016-8327
CVE-2017-3317
CVE-2017-3318
CVE-2017-3319
CVE-2017-3320

e3445736-fd01-11e7-ac58-b499baebfeaf | MySQL -- multiple vulnerabilities

Oracle reports:

Not all vulnerabilities are relevant for all flavors/versions of the servers and clients

  • Vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. GIS: CVE-2018-2573, DDL: CVE-2018-2622, Optimizer: CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, Security:Privileges: CVE-2018-2703, Partition: CVE-2018-2562.
  • Vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. InnoDB: CVE-2018-2565, CVE-2018-2612, DML: CVE-2018-2576, CVE-2018-2646, Stored Procedure: CVE-2018-2583, Performance Schema: CVE-2018-2590, Partition: CVE-2018-2591, Optimizer: CVE-2018-2600, CVE-2018-2667, Security:Privileges: CVE-2018-2696, Replication: CVE-2018-2647.
  • Vulnerability allows a low or high privileged attacker with network access via multiple protocols to compromise MySQL Server with unauthorized creation, deletion, modification or access to data/critical data. InnoDB: CVE-2018-2612, Performance Schema: CVE-2018-2645, Replication: CVE-2018-2647, Partition: CVE-2018-2562.

Discovery 2017-01-18
Entry 2018-01-19
mariadb55-server
lt 5.5.59

mariadb100-server
lt 10.0.34

mariadb101-server
lt 10.1.31

mariadb102-server
lt 10.2.13

mysql55-server
lt 5.5.59

mysql56-server
lt 5.6.39

mysql57-server
lt 5.7.21

percona55-server
lt 5.5.59

percona56-server
lt 5.6.39

percona57-server
lt 5.7.21

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
https://mariadb.com/kb/en/library/mariadb-5559-release-notes/
CVE-2018-2562
CVE-2018-2565
CVE-2018-2573
CVE-2018-2576
CVE-2018-2583
CVE-2018-2586
CVE-2018-2590
CVE-2018-2591
CVE-2018-2600
CVE-2018-2612
CVE-2018-2622
CVE-2018-2640
CVE-2018-2645
CVE-2018-2646
CVE-2018-2647
CVE-2018-2665
CVE-2018-2667
CVE-2018-2668
CVE-2018-2696
CVE-2018-2703

22373c43-d728-11e6-a9a5-b499baebfeaf | MySQL -- multiple vulnerabilities

The MySQL project reports:

  • CVE-2016-3492: Remote security vulnerability in 'Server: Optimizer' sub component.
  • CVE-2016-5616, CVE-2016-6663: Race condition allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
  • CVE-2016-5617, CVE-2016-6664: mysqld_safe, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.
  • CVE-2016-5624: Remote security vulnerability in 'Server: DML' sub component.
  • CVE-2016-5626: Remote security vulnerability in 'Server: GIS' sub component.
  • CVE-2016-5629: Remote security vulnerability in 'Server: Federated' sub component.
  • CVE-2016-8283: Remote security vulnerability in 'Server: Types' sub component.

Discovery 2016-09-13
Entry 2017-01-14
mariadb55-client
mariadb55-server
lt 5.5.52

mariadb100-client
mariadb100-server
lt 10.0.28

mariadb101-client
mariadb101-server
lt 10.1.18

mysql55-client
mysql55-server
lt 5.5.52

mysql56-client
mysql56-server
lt 5.6.33

mysql57-client
mysql57-server
lt 5.7.15

percona55-client
percona55-server
lt 5.5.51.38.2

percona56-client
percona56-server
lt 5.6.32.78.1

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixMSQL
https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/
CVE-2016-3492
CVE-2016-5616
CVE-2016-5617
CVE-2016-5624
CVE-2016-5626
CVE-2016-5629
CVE-2016-6663
CVE-2016-6664
CVE-2016-8283

8c2b2f11-0ebe-11e6-b55e-b499baebfeaf | MySQL -- multiple vulnerabilities

Oracle reports:

Critical Patch Update contains 31 new security fixes for Oracle MySQL 5.5.48, 5.6.29, 5.7.11 and earlier


Discovery 2016-04-19
Entry 2016-04-30
mariadb55-server
lt 5.5.49

mariadb100-server
lt 10.0.25

mariadb101-server
lt 10.1.12

mysql55-server
lt 5.5.49

mysql56-server
lt 5.6.30

mysql57-server
lt 5.7.12

percona55-server
lt 5.5.49

percona-server
lt 5.6.30

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html#AppendixMSQL
https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
https://mariadb.com/kb/en/mariadb/mariadb-10112-release-notes/
CVE-2016-0705
CVE-2016-0639
CVE-2015-3194
CVE-2016-0640
CVE-2016-0641
CVE-2016-3461
CVE-2016-2047
CVE-2016-0642
CVE-2016-0643
CVE-2016-0644
CVE-2016-0646
CVE-2016-0647
CVE-2016-0648
CVE-2016-0649
CVE-2016-0650
CVE-2016-0652
CVE-2016-0653
CVE-2016-0654
CVE-2016-0655
CVE-2016-0656
CVE-2016-0657
CVE-2016-0658
CVE-2016-0651
CVE-2016-0659
CVE-2016-0661
CVE-2016-0662
CVE-2016-0663
CVE-2016-0665
CVE-2016-0666
CVE-2016-0667
CVE-2016-0668

909be51b-9b3b-11e8-add2-b499baebfeaf | MySQL -- multiple vulnerabilities

Oracle reports:

Multiple vulnerabilities have been disclosed by Oracle without further detail. CVSS scores 7.1 - 2.7


Discovery 2018-07-17
Entry 2018-08-08
mariadb55-server
lt 5.5.61

mariadb100-server
lt 10.0.36

mariadb101-server
lt 10.1.35

mariadb102-server
lt 10.2.17

mariadb103-server
lt 10.3.9

mysql55-server
lt 5.5.61

mysql56-server
lt 5.6.41

mysql57-server
lt 5.7.23

mysql80-server
lt 8.0.12

percona55-server
lt 5.5.61

percona56-server
lt 5.6.41

percona57-server
lt 5.7.23

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CVE-2018-3064
CVE-2018-0739
CVE-2018-3070
CVE-2018-3060
CVE-2018-3065
CVE-2018-3073
CVE-2018-3074
CVE-2018-3081
CVE-2018-3071
CVE-2018-3079
CVE-2018-3054
CVE-2018-3077
CVE-2018-3078
CVE-2018-3080
CVE-2018-3061
CVE-2018-3067
CVE-2018-3063
CVE-2018-3075
CVE-2018-3058
CVE-2018-3056
CVE-2018-3066
CVE-2018-2767
CVE-2018-3084
CVE-2018-3082

cda2f3c2-6c8b-11e7-867f-b499baebfeaf | MySQL -- multiple vulnerabilities

Oracle reports:

Please reference CVE/URL list for details


Discovery 2017-07-19
Entry 2017-07-19
Modified 2017-08-12
mariadb55-server
lt 5.5.57

mariadb100-server
lt 10.0.32

mariadb101-server
lt 10.1.26

mariadb102-server
lt 10.2.6

mysql55-server
lt 5.5.57

mysql56-server
lt 5.6.37

mysql57-server
lt 5.7.19

percona55-server
lt 5.5.57

percona56-server
lt 5.6.37

percona57-server
lt 5.7.19

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL
CVE-2017-3529
CVE-2017-3633
CVE-2017-3634
CVE-2017-3635
CVE-2017-3636
CVE-2017-3637
CVE-2017-3638
CVE-2017-3639
CVE-2017-3640
CVE-2017-3641
CVE-2017-3642
CVE-2017-3643
CVE-2017-3644
CVE-2017-3645
CVE-2017-3646
CVE-2017-3647
CVE-2017-3648
CVE-2017-3649
CVE-2017-3650
CVE-2017-3651
CVE-2017-3652
CVE-2017-3653

856b88bf-7984-11e6-81e7-d050996490d0 | mysql -- Remote Root Code Execution

Dawid Golunski reports:

Independent research has revealed multiple severe MySQL vulnerabilities. This advisory focuses on a critical vulnerability with a CVEID of CVE-2016-6662 which can allow attackers to (remotely) inject malicious settings into MySQL configuration files (my.cnf) leading to critical consequences.


Discovery 2016-09-12
Entry 2016-09-13
mariadb55-server
lt 5.5.51

mariadb100-server
lt 10.0.27

mariadb101-server
lt 10.1.17

mysql55-server
lt 5.5.52

mysql56-server
lt 5.6.33

mysql57-server
lt 5.7.15

percona55-server
lt 5.5.51.38.1

percona56-server
lt 5.6.32.78.0

percona57-server
lt 5.7.14.7

CVE-2016-6662
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.txt
https://jira.mariadb.org/browse/MDEV-10465
https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/
https://www.percona.com/blog/2016/09/12/database-affected-cve-2016-6662/
https://www.psce.com/blog/2016/09/12/how-to-quickly-patch-mysql-server-against-cve-2016-6662/

ca5cb202-4f51-11e6-b2ec-b499baebfeaf | MySQL -- Multiple vulnerabilities

Oracle reports:

The quarterly Critical Patch Update contains 22 new security fixes for Oracle MySQL 5.5.49, 5.6.30, 5.7.13 and earlier


Discovery 2016-07-20
Entry 2016-07-21
Modified 2016-08-08
mariadb55-server
le 5.5.49

mariadb100-server
le 10.0.25

mariadb101-server
le 10.1.14

mysql55-server
le 5.5.49

mysql56-server
lt 5.6.30

mysql57-server
lt 5.7.12_1

percona55-server
le 5.5.49

percona56-server
le 5.6.30

CVE-2016-3614
CVE-2016-5436
CVE-2016-3459
CVE-2016-5437
CVE-2016-3424
CVE-2016-5439
CVE-2016-5440
CVE-2016-5441
CVE-2016-5442
CVE-2016-5443
CVE-2016-5444
CVE-2016-3452
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3477
CVE-2016-3440
CVE-2016-2105
CVE-2016-3471
CVE-2016-3486
CVE-2016-3501
CVE-2016-3518
CVE-2016-3521
CVE-2016-3588
CVE-2016-3615