CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2020-28912
https://notcve.org/view.php?id=CVE-2020-28912
24 Dec 2020 — With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. This affects MariaDB Server before 10.1.48, 10.2.x be... • https://hackerone.com/reports/1019891 •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15365 – mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks
https://notcve.org/view.php?id=CVE-2017-15365
25 Jan 2018 — sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. sql/event_data_objects.cc en MariaDB en versiones anteriores a la 10.1.30 y 10.2.x anteriores a la 10.2.10 y Percona Xtra... • https://access.redhat.com/errata/RHSA-2019:1258 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15945 – Gentoo Linux Security Advisory 201711-04
https://notcve.org/view.php?id=CVE-2017-15945
27 Oct 2017 — The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link. Los scripts de instalación en los paquetes dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster y dev-db/mariadb-galera de Gento en versiones anteriores a 2017-09... • https://bugs.gentoo.org/630822 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2017-3302 – mysql: prepared statement handle use-after-free after disconnect
https://notcve.org/view.php?id=CVE-2017-3302
12 Feb 2017 — Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. Caída en libmysqlclient.so en Oracle MySQL en versiones anteriores 5.6.21 y 5.7.x en versiones anteriores 5.7.5 y MariaDB hasta la versión 5.5.54, 10.0.x hasta la versión 10.0.29, 10.1.x hasta la versión 10.1.21 y 10.2.x hasta la versión 10.2.3. A flaw was found in the way MySQL client library (libmysqlclient) handled prepared ... • http://www.debian.org/security/2017/dsa-3809 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 42EXPL: 0CVE-2016-0610 – mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0610
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Vulnerabilidad no especificada en Oracle MySQL 5.6.27 y versiones anteriores y MariaDB en versiones anteriores a 10.0.22 y 10.1.x en versiones anteriores a 10.1.9 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores no conocidos relacionados con InnoDB. MariaDB is a ... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html •
CVSS: 8.1EPSS: 0%CPEs: 50EXPL: 0CVE-2016-0616 – mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0616
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Vulnerabilidad no especificada en Oracle MySQL 5.5.46 y versiones anteriores y MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10 permite a usuarios remotos autenticados afectar a la disponibilidad a t... • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2015-2325 – pcre: heap buffer overflow in compile_branch()
https://notcve.org/view.php?id=CVE-2015-2325
12 Jun 2015 — The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. La función compile_branch en PCRE versiones anteriores a 8.37, permite a atacantes dependiendo del contexto compilar código incor... • http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 45%CPEs: 63EXPL: 0CVE-2014-0001 – mysql: command-line tool buffer overflow via long server version string
https://notcve.org/view.php?id=CVE-2014-0001
31 Jan 2014 — Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string. Desbordamiento de buffer en client/mysql.cc en Oracle MySQL y MariaDB anterior a 5.5.35 permite a servidores de bases de datos remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de una cadena de versión del servidor larga. Buffer overflow in clien... • http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2013-1531 – mysql: unspecified vulnerability related to Server Privileges (CPU April 2013)
https://notcve.org/view.php?id=CVE-2013-1531
17 Apr 2013 — Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges. Vulnerabilidad no especificada en Oracle MySQL v5.1.66 y anteriores y v5.5.28 y anteriores, permite a usuarios autenticados remotamente comprometer la disponibilidad a través de vectores desconocidos relacionados con Server Privileges. Multiple vulnerabilities have been found in MySQL, al... • http://rhn.redhat.com/errata/RHSA-2013-0772.html •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2013-1548 – mysql: unspecified DoS related to Server Types (CPU April 2013)
https://notcve.org/view.php?id=CVE-2013-1548
17 Apr 2013 — Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types. Vulnerabilidad no especificada en Oracle MySQL v5.1.63 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Server Types. Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 5.1.7... • http://rhn.redhat.com/errata/RHSA-2013-0772.html •