Page 122 of 694 results (0.016 seconds)

CVSS: 4.0EPSS: 3%CPEs: 61EXPL: 4

CVE-2010-3681 – Oracle MySQL 5.1.48 - 'HANDLER' Interface Denial of Service

https://notcve.org/view.php?id=CVE-2010-3681

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure. MySQL de Oracle versiones 5.1 anteriores a 5.1.49 y versiones 5.5 anteriores a 5.5.5, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio mysqld) mediante la interfaz HANDLER y realizar "alternate reads from two indexes on a table", lo que desencadena un fallo de aserción. • https://www.exploit-db.com/exploits/34520 http://bugs.mysql.com/bug.php?id=54007 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-5.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://secunia.com/advisories/42875 http://secunia.com/advisories/42936 http://www.debian.org/security/2011/dsa-21 •

CVSS: 5.0EPSS: 11%CPEs: 56EXPL: 4

CVE-2010-3678 – Oracle MySQL < 5.1.49 - 'WITH ROLLUP' Denial of Service

https://notcve.org/view.php?id=CVE-2010-3678

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier. MySQL de Oracle versiones 5.1 anteriores a 5.1.49, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) por medio de operaciones (1) IN o (2) CASE con argumentos NULL que son especificados explícitamente o indirectamente proporcionados por el modificador WITH ROLLUP. • https://www.exploit-db.com/exploits/15467 http://bugs.mysql.com/bug.php?id=54477 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/42936 http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 http://www.mandriva.com/security/advisories?name=MDVSA-2011:012 http://www.openwall.com/lists/oss-security/2010/09/28/10 http://www.redhat.com/support • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 3%CPEs: 116EXPL: 4

CVE-2010-3682 – MySQL 5.1.48 - 'EXPLAIN' Denial of Service

https://notcve.org/view.php?id=CVE-2010-3682

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function. MySQL de Oracle versiones 5.1 anteriores a 5.1.49 y versiones 5.0 anteriores a 5.0.92, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio mysqld) mediante el uso de EXPLAIN con declaraciones especialmente diseñadas "SELECT ... • https://www.exploit-db.com/exploits/34506 http://bugs.mysql.com/bug.php?id=52711 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/42875 http://secunia.com/advisories/42936 http://support.apple.com/kb/HT4723 http& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 6%CPEs: 56EXPL: 3

CVE-2010-3680 – MySQL 5.1.48 - 'Temporary InnoDB' Tables Denial of Service

https://notcve.org/view.php?id=CVE-2010-3680

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure. MySQL de Oracle versiones 5.1 anteriores a 5.1.49, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio mysqld) mediante la creación de tablas temporales con columnas que aceptan valores NULL mientras se utiliza InnoDB, que desencadena un fallo de aserción. • https://www.exploit-db.com/exploits/34505 http://bugs.mysql.com/bug.php?id=54044 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html http://secunia.com/advisories/42875 http://secunia.com/advisories/42936 http://www.debian.org/security/2011/dsa-2143 http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 http://www.mandriva.com/security/advisories?name=MDVSA-2011:012 http://www.openwa •

CVSS: 3.5EPSS: 1%CPEs: 9EXPL: 4

CVE-2010-2008 – Oracle MySQL - 'ALTER DATABASE' Remote Denial of Service

https://notcve.org/view.php?id=CVE-2010-2008

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory. MySQL anterior a v5.1.48 permite a usuarios autenticados remotamente con privilegios de modificación en la base de datos provocar una denegación de servicio (caída de servidor y pérdida de la base de datos) a través del comando "ALTER DATABASE" con una cadena #mysql50# seguida de un ..(punto punto), ../ (punto punto barra) o secuencia similar, y un comando "UPGRADE DATA DIRECTORY NAME", lo que provoca que MySQL mueva ciertos directorios al directorio del servidor de datos. • https://www.exploit-db.com/exploits/14537 http://bugs.mysql.com/bug.php?id=53804 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html http://secunia.com/advisories/40333 http://secunia.com/advisories/40762 http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 http://www.securityfocus.com/bid/41198 http://www.securitytracker.com/id?1024160 http://www.ubuntu.com/usn/USN-1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •