Page 10 of 409 results (0.034 seconds)

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

20 May 2020 — libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. La biblioteca libmariadb/mariadb_lib.c en MariaDB Connector/C versiones anteriores a 3.1.8 no comprueba apropiadamente el contenido de un paquete OK recibido desde un servidor. NOTA: aunque mariadb_lib.c se basó originalmente ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00064.html • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0

15 Apr 2020 — Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). • https://security.gentoo.org/glsa/202105-27 •

CVSS: 4.9EPSS: 0%CPEs: 19EXPL: 0

15 Apr 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impact... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html •

CVSS: 4.9EPSS: 0%CPEs: 23EXPL: 0

15 Apr 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (A... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html •

CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0

15 Apr 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability im... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC •

CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0

15 Apr 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html •

CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0

15 Apr 2020 — Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impact... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2

04 Feb 2020 — mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently. mysql_install_db en MariaDB versiones 10.4.7 hasta 10.4.11, permite una escalada de privilegios de la cuenta de usuario mysql a root porque chown y chmod se rea... • https://bugzilla.suse.com/show_bug.cgi?id=1160868 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 0

15 Jan 2020 — Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impac... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0

16 Oct 2019 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availabil... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html •