CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 0CVE-2012-3147
https://notcve.org/view.php?id=CVE-2012-3147
16 Oct 2012 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client. Vulnerabilidad no especificada en el componente de MySQL Server v5.5.26 y anteriores de Oracle MySQL, permite a usuarios remotos autenticados afectar a la integridad y disponibilidad, relacionado con MySQL Client. • http://secunia.com/advisories/51177 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4452 – mysql: regression of CVE-2009-4030
https://notcve.org/view.php?id=CVE-2012-4452
09 Oct 2012 — MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home ... • http://rhn.redhat.com/errata/RHSA-2013-0121.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 262EXPL: 0CVE-2012-1696 – Gentoo Linux Security Advisory 201308-06
https://notcve.org/view.php?id=CVE-2012-1696
03 May 2012 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Vulnerabilidad no especificada en el componente de servidor MySQL en Oracle MySQL v5.5.19 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con el Optimizador de servidor. Multiple vulnerabilities have been found in MySQL, allowing attac... • http://secunia.com/advisories/48890 •
CVSS: 9.1EPSS: 0%CPEs: 89EXPL: 0CVE-2012-0583 – mysql: unspecified DoS vulnerability in MyISAM (Oracle CPU April 2012)
https://notcve.org/view.php?id=CVE-2012-0583
03 May 2012 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL v5.1.60 y anteriores, y v5.5.19 y anteriores, que permite a usuarios remotos autenticados afectar la disponibilidad, relacionado con MyISAM. Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or ca... • http://secunia.com/advisories/48890 •
CVSS: 6.5EPSS: 1%CPEs: 116EXPL: 2CVE-2010-3677 – MySQL: Mysqld DoS (crash) by processing joins involving a table with a unique SET column (MySQL BZ#54575)
https://notcve.org/view.php?id=CVE-2010-3677
11 Jan 2011 — Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column. MySQL de Oracle versiones 5.1 anteriores a 5.1.49 y versiones 5.0 anteriores a 5.0.92, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio de mysqld) por medio de una consulta join que utiliza una tabla con una columna SET única. • http://bugs.mysql.com/bug.php?id=54575 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 116EXPL: 4CVE-2010-3682 – MySQL 5.1.48 - 'EXPLAIN' Denial of Service
https://notcve.org/view.php?id=CVE-2010-3682
11 Jan 2011 — Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function. MySQL de Oracle versiones 5.1 anteriores a 5.1.49 y versiones 5.0 anteriores a 5.0.92, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio ... • https://www.exploit-db.com/exploits/34506 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 4%CPEs: 9EXPL: 4CVE-2010-2008 – Oracle MySQL - 'ALTER DATABASE' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-2008
13 Jul 2010 — MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory. MySQL anterior a v5.1.48 permite a usuarios autenticados remotamente con privilegios de modificación en la base ... • https://www.exploit-db.com/exploits/14537 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 50EXPL: 0CVE-2010-1626 – mysql: table destruction via DATA/INDEX DIRECTORY directives using symlinks
https://notcve.org/view.php?id=CVE-2010-1626
21 May 2010 — MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. MySQL en versiones anteriores a la v5.1.46 permite a los usuarios locales borrar los datos e índices de ficheros de tablas MyISAM de otros usuarios a través de un ataque de enlace simbólico junto con un comando DROP TABLE, una vulnerabilidad diferente a la CVE-2008-4098 y CVE-2... • http://bugs.mysql.com/bug.php?id=40980 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-1621
https://notcve.org/view.php?id=CVE-2010-1621
14 May 2010 — The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command. La función mysql_uninstall_plugin en sql/sql_plugin.cc en MySQL en versiones anteriores a la 5.1.46 no comprueba los privilegios antes de desinstalar un plugin, lo que puede permitir a atacantes remotos desinstalar plugins de su elección mediante el comando UNINSTALL PLUGIN. • http://bugs.mysql.com/bug.php?id=51770 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 1%CPEs: 104EXPL: 1CVE-2009-4028 – mysql: client SSL certificate verification flaw
https://notcve.org/view.php?id=CVE-2009-4028
30 Nov 2009 — The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. La función vio_verify_callback en vio_verify_callback de MySQL v5.0.x anteriores a v5.0.88 y v5.1.x anteriores a v5.1.41,... • http://bugs.mysql.com/47320 • CWE-20: Improper Input Validation •