CVE-2007-2692 – mysql SECURITY INVOKER functions do not drop privileges
https://notcve.org/view.php?id=CVE-2007-2692
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. La función mysql_change_db en MySQL 5.0.x anterior a 5.0.40 y 5.1.x anterior a 5.1.18 no restaura los privilegios THD::db_access cuando regresa de rutinas almacenadas SQL SECURITY INVOKER, lo cual permite a usuarios autenticados remotamente obtener privilegios. • http://bugs.mysql.com/bug.php?id=27337 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html http://lists.mysql.com/announce/470 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://osvdb.org/34765 http://secunia.com/advisories/25301 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia.com/advisories/27823 http://secunia.com/advisories/28637 http://secunia.com/advisories/28838 http://secunia& •
CVE-2007-2583 – MySQL 5.0.x - IF Query Handling Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-2583
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. La función in_decimal::set en el archivo item_cmpfunc.cc en mySQL versiones anteriores a 5.0.40, y versiones 5.1 anteriores a 5.1.18-beta, permite a atacantes dependiendo del contexto causar una denegación de servicio (bloqueo) por medio de una cláusula IF especialmente diseñada que resulta en un error de división por cero y una desreferencia del puntero NULL. MySQL version 5.0.x suffers from an IF query handling remote denial of service vulnerability. • https://www.exploit-db.com/exploits/30020 http://bugs.mysql.com/bug.php?id=27513 http://lists.mysql.com/commits/23685 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://packetstormsecurity.com/files/124295/MySQL-5.0.x-Denial-Of-Service.html http://secunia.com/advisories/25188 http://secunia.com/advisories/25196 http://secunia.com/advisories/25255 http://secunia.com/advisories/25389 http://secunia.com/advisories/25946 http://secunia.com/advis •
CVE-2007-1420 – MySQL 5.0.x - Single Row SubSelect Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-1420
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. MySQL versión 5.x anterior a 5.0.36, permite a los usuarios locales causar una denegación de servicio (bloqueo de base de datos) al realizar subselecciones de la tabla information_schema y utilizar ORDER BY para ordenar un resultado de una sola fila, lo que impide que determinados elementos de la estructura se inicialicen y desencadene una desreferencia de NULL en la función filesort. • https://www.exploit-db.com/exploits/29724 http://bugs.mysql.com/bug.php?id=24630 http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-36.html http://secunia.com/advisories/24483 http://secunia.com/advisories/24609 http://secunia.com/advisories/25196 http://secunia.com/advisories/25389 http://secunia.com/advisories/25946 http://secunia.com/advisories/30351 http://security.gentoo.org/glsa/glsa-200705-11.xml http://securityreason.com/securityalert/2413 http:& • CWE-476: NULL Pointer Dereference •
CVE-2006-7232 – mysql: daemon crash via EXPLAIN on queries on information schema
https://notcve.org/view.php?id=CVE-2006-7232
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY. sql_select.cc en MySQL 5.0.x anterior a 5.0.32 y 5.1.x anterior a 5.1.14 permite a usuarios autenticados remotamente provocar una denegación de servicio (caída) mediante un EXPLAIN SELECT FROM en la tabla INFORMATION_SCHEMA como se ha demostrado utilizando ORDER BY. • http://bugs.mysql.com/bug.php?id=22413 http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-32.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-14.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/29443 http://secunia.com/advisories/30351 http://secunia.com/advisories/31687 http://www.redhat.com/support/errata/RHSA-2008-0364.html http://www.securityfocus.com/bid/28351 http://www. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2006-4380
https://notcve.org/view.php?id=CVE-2006-4380
MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. MySQL anterior a 4.1.13 permite a un usuario local provocar denegación de servicio (caida de esclavo de replicación persistente)a través de una consulta con multiacutalizaciones y subselecciones. • http://bugs.mysql.com/10442 http://lists.mysql.com/internals/26123 http://secunia.com/advisories/21712 http://secunia.com/advisories/21762 http://securitytracker.com/id?1016790 http://www.debian.org/security/2006/dsa-1169 http://www.mandriva.com/security/advisories?name=MDKSA-2006:158 http://www.securityfocus.com/bid/19794 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10686 https://access.redhat.com/security/cve/CVE-2006-4380 https:/ •