CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1512 – Gentoo Linux Security Advisory 201308-06
https://notcve.org/view.php?id=CVE-2013-1512
17 Apr 2013 — Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. Vulnerabilidad no especificada en el Oracle MySQL v5.5.29 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad mediante vectores relacionados con Data Manipulation Language. USN-1807-1 fixed vulnerabilities in MySQL. This update provides MySQL 5.5.31 for Ubuntu 13.04. Multiple security issues were discovered... • http://secunia.com/advisories/53372 •
CVSS: 7.5EPSS: 5%CPEs: 5EXPL: 3CVE-2012-5627 – Oracle MySQL / MariaDB - Insecure Salt Generation Security Bypass
https://notcve.org/view.php?id=CVE-2012-5627
11 Apr 2013 — Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks. Oracle MySQL y MariaDB 5.5.x anteriores a 5.5.29, 5.3.x anteriores a 5.3.12, y 5.2.x anteriores a 5.2.14 no modifican el "salt" durante múltiples ejecuciones del comando change_user en una misma conexión, lo cual... • https://www.exploit-db.com/exploits/38109 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 105EXPL: 0CVE-2012-0553 – Gentoo Linux Security Advisory 201308-06
https://notcve.org/view.php?id=CVE-2012-0553
28 Mar 2013 — Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492. Desbordamiento de búfer en yaSSL, usado en MySQL v5.1.x antes de v5.1.68 y v5.5.x antes de v5.5.28, tiene un impacto no especificado y vectores de ataque, una vulnerabilidad diferente a CVE-2013-1492. USN-1807-1 fixed vulnerabilities in MySQL. This update provides MySQL 5.5.31 for Ubuntu 13.04. Multiple security issues were discovere... • http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 107EXPL: 0CVE-2013-1492 – MySQL yaSSL Heap Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1492
28 Mar 2013 — Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553. Desbordamiento de búfer en yaSSL, como se usa en MySQL v5.1.x hasta 5.1.68 y en v5.5.x antes de v5.5.30, tiene un impacto no especificado y vectores de ataque, una vulnerabilidad diferente a CVE-2012-0553. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MySQL with yaSSL. Authenticat... • http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 54%CPEs: 21EXPL: 2CVE-2013-1861 – MySQL / MariaDB - Geometry Query Denial of Service
https://notcve.org/view.php?id=CVE-2013-1861
28 Mar 2013 — MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. MariaDB 5.5.x en versiones anteriores a 5.5.30, 5.3.x en versiones anterio... • https://www.exploit-db.com/exploits/38392 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 77EXPL: 0CVE-2012-4414 – Ubuntu Security Notice USN-1807-1
https://notcve.org/view.php?id=CVE-2012-4414
22 Jan 2013 — Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete. Múltiples vulnerabilidades de inyección SQL en el código de replicación de... • http://bugs.mysql.com/bug.php?id=66550 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2012-0572 – mysql: unspecified DoS vulnerability related to InnoDB (CPU Jan 2013)
https://notcve.org/view.php?id=CVE-2012-0572
17 Jan 2013 — Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Vulnerabilidad no especificada en el componente Server en Oracle MySQL v5.1.66 y anteriores y v5.5.28 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con InnoDB. Multiple security issues were discovered in MySQL and this update ... • http://rhn.redhat.com/errata/RHSA-2013-0219.html •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2012-0578 – Gentoo Linux Security Advisory 201308-06
https://notcve.org/view.php?id=CVE-2012-0578
17 Jan 2013 — Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Vulnerabilidad no especificada en el componente Server en Oracle MySQL v5.5.28 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con "Server Optimizer". Multiple security issues were discovered in MySQL and this update includes new upstream My... • http://secunia.com/advisories/53372 •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2012-1702 – mysql: unspecified unauthenticated DoS vulnerability related to Server (CPU Jan 2013)
https://notcve.org/view.php?id=CVE-2012-1702
17 Jan 2013 — Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors. Vulnerabilidad no especificada en el componente Server en Oracle MySQL v5.1.66 y anteriores y v5.5.28 y anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these i... • http://rhn.redhat.com/errata/RHSA-2013-0219.html •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2012-1705 – mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jan 2013)
https://notcve.org/view.php?id=CVE-2012-1705
17 Jan 2013 — Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Vulnerabilidad no especificada en el componente Server en Oracle MySQL v5.1.66 y anteriores y v5.5.28 y anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con el Server Optimizer. Multiple security issues were discovered i... • http://rhn.redhat.com/errata/RHSA-2013-0219.html •