CVSS: 8.8EPSS: 10%CPEs: 36EXPL: 0CVE-2016-9842 – zlib: Undefined left shift of negative number
https://notcve.org/view.php?id=CVE-2016-9842
23 Jan 2017 — The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. La función inflateMark en inflate.c en zlib 1.2.8 podría permitir que los atacantes dependientes del contexto tener un impacto no especificado a través de vectores que implican cambios a la izquierda de enteros negativos. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to ca... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •
CVSS: 9.8EPSS: 9%CPEs: 46EXPL: 0CVE-2016-9843 – zlib: Big-endian out-of-bounds pointer
https://notcve.org/view.php?id=CVE-2016-9843
23 Jan 2017 — The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. La función crc32_big en crc32.c in zlib 1.2.8 podría permitir que atacantes dependientes del contexto causen impactos no especificados mediante vectores que implican cálculos CRC big-endian. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •
CVSS: 7.0EPSS: 2%CPEs: 13EXPL: 4CVE-2016-6663 – MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition
https://notcve.org/view.php?id=CVE-2016-6663
31 Oct 2016 — Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.... • https://packetstorm.news/files/id/139476 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 23%CPEs: 61EXPL: 1CVE-2016-0705 – OpenSSL: Double-free in DSA code
https://notcve.org/view.php?id=CVE-2016-0705
01 Mar 2016 — Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. Vulnerabilidad de liberación doble en la función dsa_priv_decode en crypto/dsa/dsa_ameth.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g permite a atacantes remotos causar una dene... • https://github.com/hshivhare67/OpenSSL_1.0.1g_CVE-2016-0705 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2013-1548 – mysql: unspecified DoS related to Server Types (CPU April 2013)
https://notcve.org/view.php?id=CVE-2013-1548
17 Apr 2013 — Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types. Vulnerabilidad no especificada en Oracle MySQL v5.1.63 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Server Types. Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 5.1.7... • http://rhn.redhat.com/errata/RHSA-2013-0772.html •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 1CVE-2009-4833
https://notcve.org/view.php?id=CVE-2009-4833
29 Apr 2010 — MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate. MySQL Connector/NET anterior a v6.0.4, cuando se utiliza encriptación, no verificar los certificados SSL durante la conexión, lo cual permite a atacantes remotos llevar a cabo un ataque "man-in-the-middle" (hombre en el medio) con un certificado SSL falso. • http://bugs.mysql.com/bug.php?id=38700 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 86EXPL: 2CVE-2008-7247
https://notcve.org/view.php?id=CVE-2008-7247
30 Nov 2009 — sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. sql/sql_table.cc en MySQL v5.0.x hasta la v5.0.88, v5.1.x hasta la v5.1.41, y v6.0 anteriores a v6.0.9-alpha, cuando e... • http://bugs.mysql.com/bug.php?id=39277 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 4%CPEs: 36EXPL: 2CVE-2009-0819 – MySQL 6.0.9 - XPath Expression Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0819
05 Mar 2009 — sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. El archivo sql/item_xmlfunc.cc en MySQL versiones 5.1 anteriores a 5.1.32 y versiones 6.0 anteriores a 6.0.10, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) por medio de "an XPath expre... • https://www.exploit-db.com/exploits/32838 •
CVSS: 7.5EPSS: 5%CPEs: 64EXPL: 1CVE-2008-3963 – MySQL 6.0.4 - Empty Binary String Literal Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-3963
10 Sep 2008 — MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. MySQL versiones 5.0 anteriores a 5.0.66, versiones 5.1 anteriores a 5.1.26 y versiones 6.0 anteriores a 6.0.6, no maneja apropiadamente un token b'' (b comilla simple comilla simple), también se conoce como literal de cadena de bits... • https://www.exploit-db.com/exploits/32348 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 1CVE-2008-2079 – mysql: privilege escalation via DATA/INDEX DIRECTORY directives
https://notcve.org/view.php?id=CVE-2008-2079
05 May 2008 — MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. MySQL 4.1.x anterior a 4.1.24, 5.0.x antes de 5.0.60, 5.1.x anterior a 5.1.24 y 6.0.x antes de 6.0.5 permite a usuarios locales evitar ciertas comprobaci... • http://bugs.mysql.com/bug.php?id=32167 • CWE-264: Permissions, Privileges, and Access Controls •