CVSS: 7.5EPSS: 0%CPEs: 105EXPL: 0CVE-2012-0553
https://notcve.org/view.php?id=CVE-2012-0553
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492. Desbordamiento de búfer en yaSSL, usado en MySQL v5.1.x antes de v5.1.68 y v5.5.x antes de v5.5.28, tiene un impacto no especificado y vectores de ataque, una vulnerabilidad diferente a CVE-2013-1492. • http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html http://secunia.com/advisories/52445 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 90%CPEs: 21EXPL: 2CVE-2013-1861 – MySQL / MariaDB - Geometry Query Denial of Service
https://notcve.org/view.php?id=CVE-2013-1861
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. MariaDB 5.5.x en versiones anteriores a 5.5.30, 5.3.x en versiones anteriores a 5.3.13, 5.2.x en versiones anteriores a 5.2.15 y 5.1.x en versiones anteriores a 5.1.68 y Oracle MySQL 5.1.69 y versiones anteriores, 5.5.31 y versiones anteriores y 5.6.11 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) a través de una funcionalidad de geometría manipulada que especifica un gran número de puntos, que no es apropiadamente manipulada cuando se procesa la representación binaria de esta funcionalidad, relacionado con un error de cálculo numérico. • https://www.exploit-db.com/exploits/38392 http://lists.askmonty.org/pipermail/commits/2013-March/004371.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html http://seclists.org/oss-sec/2013/q1/671 http://secunia.com/advisories/52639 http://secunia.com/a • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 107EXPL: 0CVE-2013-1492 – MySQL yaSSL Heap Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1492
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553. Desbordamiento de búfer en yaSSL, como se usa en MySQL v5.1.x hasta 5.1.68 y en v5.5.x antes de v5.5.30, tiene un impacto no especificado y vectores de ataque, una vulnerabilidad diferente a CVE-2012-0553. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MySQL with yaSSL. Authentication is not required to exploit this vulnerability. The specific flaw exists within the yaSSL library that is optionally used by MySQL for SSL communication. There exists an off-by-one overflow that is repeatedly performed during the SSL handshake. • http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-30.html http://secunia.com/advisories/52445 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 77EXPL: 0CVE-2012-4414
https://notcve.org/view.php?id=CVE-2012-4414
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete. Múltiples vulnerabilidades de inyección SQL en el código de replicación de Oracle en MySQL v5.5.29 posiblemente antes, y MariaDB v5.1.x hasta v5.1.62, v5.2.x hasta v5.2.12, v5.3.x hasta v5.3.7 y v5.5.x hasta v5.5.25 que permiten a usuarios remotos autenticados ejecutar comandos SQL a través de vectores relacionados con el registro binario. NOTA: a partir de 20130116, Oracle no se ha pronunciado sobre las alegaciones de un proveedor de bajo nivel en las que se explica que la corrección de MySQL v5.5.29 es incompleta. • http://bugs.mysql.com/bug.php?id=66550 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.mysqlperformanceblog.com& • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.0EPSS: 0%CPEs: 8EXPL: 0CVE-2012-0578
https://notcve.org/view.php?id=CVE-2012-0578
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Vulnerabilidad no especificada en el componente Server en Oracle MySQL v5.5.28 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con "Server Optimizer". • http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.ubuntu.com/usn/USN-1703-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16947 •