CVE-2012-0578
https://notcve.org/view.php?id=CVE-2012-0578
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Vulnerabilidad no especificada en el componente Server en Oracle MySQL v5.5.28 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con "Server Optimizer". • http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.ubuntu.com/usn/USN-1703-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16947 •
CVE-2013-0375 – mysql: Unspecified vulnerability in the server replication of the Oracle MySQL server allows remote attackers to alter confidentiality and integrity
https://notcve.org/view.php?id=CVE-2013-0375
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication. Una vulnerabilidad no especificada en el componente Servidor de Oracle MySQL v5.1.66 y anteriores y v5.1.28 y anteriores, permite a usuarios remotos autenticados afectar a la confidencialidad y la integridad a través de vectores desconocidos relacionados con los servidores de replicación (Replication Server). • http://rhn.redhat.com/errata/RHSA-2013-0219.html http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.ubuntu.com/usn/USN-1703-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17175 https://access.redhat.com/security/cve/CVE-2013-0375 https://bugzilla.redhat.com& •
CVE-2013-0384 – mysql: unspecified DoS vulnerability related to Information Schema (CPU Jan 2013)
https://notcve.org/view.php?id=CVE-2013-0384
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema. Una vulnerabilidad no especificada en el componente Servidor de Oracle MySQL v5.1.66 y anteriores y v5.5.28 y anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con los esquemas de información. • http://rhn.redhat.com/errata/RHSA-2013-0219.html http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.ubuntu.com/usn/USN-1703-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16632 https://access.redhat.com/security/cve/CVE-2013-0384 https://bugzilla.redhat.com& •
CVE-2012-0882
https://notcve.org/view.php?id=CVE-2012-0882
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE. Desbordamiento de búfer en yaSSL, como se usa en MySQL v5.5.20 y posiblemente otras versiones incluidas v5.5.x antes de v5.5.22 y y 5.1.x antes de v5.1.62, permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, según lo demostrado por VulnDisco Paquete Profesional v9.17. • http://www.openwall.com/lists/oss-security/2012/02/24/2 https://blogs.oracle.com/sunsecurity/entry/cve_2012_0882buffer_overflow_vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=789141 https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-5615 – MySQL - Remote User Enumeration
https://notcve.org/view.php?id=CVE-2012-5615
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames. MySQL v5.5.19 y posiblemente otras versiones, y MariaDB v5.5.28a, v5.3.11, v5.2.13, v5.1.66, y posiblemente con otras versiones, generan mensajes de error diferentes con retardos de tiempo diferentes dependiendo de si existe un nombre de usuario, lo que permite atacantes remotos para enumerar los nombres de usuario válidos. Oracle MySQL suffers from a user enumeration vulnerability. This is a utility that demonstrates the issue. • https://www.exploit-db.com/exploits/23081 https://www.exploit-db.com/exploits/23073 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://seclists.org/fulldisclosure/2012/Dec/9 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 http://www.openwall.com/lists/oss-security/2012/12/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •