CVSS: 5.9EPSS: 62%CPEs: 27EXPL: 2CVE-2015-3152 – mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)
https://notcve.org/view.php?id=CVE-2015-3152
29 Apr 2015 — Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. Oracle MySQL en versiones anteriores a 5.7.3, Oracle MySQL Connector/C (también conocido como libmysqlclient) en versiones anteriores a 6.1.3 y MariaDB en versiones anteriores a 5.5.44 utiliza la opción --ssl significa que SSL es ... • https://github.com/duo-labs/mysslstrip • CWE-295: Improper Certificate Validation •
CVSS: 8.6EPSS: 5%CPEs: 30EXPL: 0CVE-2015-1779 – qemu: vnc: insufficient resource limiting in VNC websockets decoder
https://notcve.org/view.php?id=CVE-2015-1779
27 Apr 2015 — The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. El decodificador de frames websocket VNC en QEMU permite a atacantes remotos causar una denegación de servicio (consumo de CPU y memoria) a través de una gran (1) carga útil websocket o (2) sección de cabeceras HTTP It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.1EPSS: 5%CPEs: 38EXPL: 0CVE-2015-2568 – mysql: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-2568
16 Apr 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.41 y anteriores, y 5.6.22 y anteriores, permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Security : Privileges. MariaDB is a multi-user, multi-threaded SQL database server that is binary... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html •
CVSS: 8.8EPSS: 0%CPEs: 34EXPL: 0CVE-2015-2571 – mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-2571
16 Apr 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.42 y anteriores, y 5.6.23 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Optimizer. MariaDB is a multi-user, multi-threaded SQL database server that is binary c... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html •
CVSS: 8.8EPSS: 0%CPEs: 34EXPL: 0CVE-2015-2573 – mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-2573
16 Apr 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.41 y anteriores, y 5.6.22 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DDL. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL c... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html •
CVSS: 8.8EPSS: 0%CPEs: 38EXPL: 0CVE-2015-0433 – mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-0433
16 Apr 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.41 y anteriores, y 5.6.22 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con InnoDB : DML. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was foun... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html •
CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 0CVE-2015-0441 – mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-0441
16 Apr 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.41 y anteriores, y 5.6.22 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Security : Encryption. MariaDB is a multi-user, multi-threaded SQL database... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html •
CVSS: 8.8EPSS: 0%CPEs: 34EXPL: 0CVE-2015-0499 – mysql: unspecified vulnerability related to Server:Federated (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-0499
16 Apr 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.42 y anteriores, y 5.6.23 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Federated. MariaDB is a multi-user, multi-threaded SQL database server that is binary c... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html •
CVSS: 8.8EPSS: 1%CPEs: 34EXPL: 0CVE-2015-0501 – mysql: unspecified vulnerability related to Server:Compiling (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-0501
16 Apr 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.42 y anterioresw y 5.6.23 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Compiling. MariaDB is a multi-user, multi-threaded SQL database server that is binary c... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 •
CVSS: 8.8EPSS: 0%CPEs: 34EXPL: 0CVE-2015-0505 – mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-0505
16 Apr 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.42 y anteriores, y 5.6.23 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DDL. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL c... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html •