CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-4767 – mysql: unspecified vulnerability related to Server:Security:Firewall (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-4767
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Security : Firewall, una vulnerabilidad diferente a CVE-2015-4769. • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2015-1630.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75844 http://www.securitytracker.com/id/1032911 http://www.ubuntu.com/usn/USN-2674-1 https://security.gentoo.org/glsa/201610-06 https://access.redhat.com/security/cve/CVE-2015-4767 https://bugzilla.redhat •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-4769 – mysql: unspecified vulnerability related to Server:Security:Firewall (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-4769
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Security : Firewall, una vulnerabilidad diferente a CVE-2015-4767. • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2015-1630.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75753 http://www.securitytracker.com/id/1032911 http://www.ubuntu.com/usn/USN-2674-1 https://security.gentoo.org/glsa/201610-06 https://access.redhat.com/security/cve/CVE-2015-4769 https://bugzilla.redhat •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-4771 – mysql: unspecified vulnerability related to Server:RBR (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-4771
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con RBR. • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2015-1630.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75835 http://www.securitytracker.com/id/1032911 http://www.ubuntu.com/usn/USN-2674-1 https://security.gentoo.org/glsa/201610-06 https://access.redhat.com/security/cve/CVE-2015-4771 https://bugzilla.redhat •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-4772 – mysql: unspecified vulnerability related to Server:Partition (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-4772
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Partition. • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2015-1630.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75781 http://www.securitytracker.com/id/1032911 http://www.ubuntu.com/usn/USN-2674-1 https://security.gentoo.org/glsa/201610-06 https://access.redhat.com/security/cve/CVE-2015-4772 https://bugzilla.redhat •
CVSS: 5.9EPSS: 0%CPEs: 27EXPL: 1CVE-2015-3152 – mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)
https://notcve.org/view.php?id=CVE-2015-3152
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. Oracle MySQL en versiones anteriores a 5.7.3, Oracle MySQL Connector/C (también conocido como libmysqlclient) en versiones anteriores a 6.1.3 y MariaDB en versiones anteriores a 5.5.44 utiliza la opción --ssl significa que SSL es opcional, lo que permite a atacantes man-in-the-middle suplantar servidores a través de un ataque de degradación de texto plano, también conocida como un ataque "BACKRONYM". It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn& • CWE-295: Improper Certificate Validation •