CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 0CVE-2014-2431 – mysql: unspecified DoS related to Options (CPU April 2014)
https://notcve.org/view.php?id=CVE-2014-2431
16 Apr 2014 — Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.36 y anteriores y 5.6.16 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con las opciones. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and ... • http://rhn.redhat.com/errata/RHSA-2014-0522.html •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 0CVE-2014-2436 – mysql: unspecified vulnerability related to RBR (CPU April 2014)
https://notcve.org/view.php?id=CVE-2014-2436
16 Apr 2014 — Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.36 y anteriores y 5.6.16 y anteriores, permite a usuarios remotos autenticados afectar a confidencialidad, integridad y disponibilidad a través de vectores relacionados con RBR. Unspecified vulnerability in the MySQL Server component in Oracle My... • http://rhn.redhat.com/errata/RHSA-2014-0522.html •
CVSS: 9.8EPSS: 32%CPEs: 63EXPL: 0CVE-2014-0001 – mysql: command-line tool buffer overflow via long server version string
https://notcve.org/view.php?id=CVE-2014-0001
31 Jan 2014 — Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string. Desbordamiento de buffer en client/mysql.cc en Oracle MySQL y MariaDB anterior a 5.5.35 permite a servidores de bases de datos remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de una cadena de versión del servidor larga. Buffer overflow in clien... • http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2013-1548 – mysql: unspecified DoS related to Server Types (CPU April 2013)
https://notcve.org/view.php?id=CVE-2013-1548
17 Apr 2013 — Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types. Vulnerabilidad no especificada en Oracle MySQL v5.1.63 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Server Types. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This updat... • http://rhn.redhat.com/errata/RHSA-2013-0772.html •
CVSS: 8.1EPSS: 0%CPEs: 86EXPL: 2CVE-2008-7247 – Ubuntu Security Notice 897-1
https://notcve.org/view.php?id=CVE-2008-7247
30 Nov 2009 — sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. sql/sql_table.cc en MySQL v5.0.x hasta la v5.0.88, v5.1.x hasta la v5.1.41, y v6.0 anteriores a v6.0.9-alpha, cuando e... • http://bugs.mysql.com/bug.php?id=39277 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 4%CPEs: 36EXPL: 2CVE-2009-0819 – MySQL 6.0.9 - XPath Expression Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0819
05 Mar 2009 — sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. El archivo sql/item_xmlfunc.cc en MySQL versiones 5.1 anteriores a 5.1.32 y versiones 6.0 anteriores a 6.0.10, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) por medio de "an XPath expre... • https://www.exploit-db.com/exploits/32838 •
CVSS: 7.5EPSS: 5%CPEs: 64EXPL: 1CVE-2008-3963 – MySQL 6.0.4 - Empty Binary String Literal Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-3963
10 Sep 2008 — MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. MySQL versiones 5.0 anteriores a 5.0.66, versiones 5.1 anteriores a 5.1.26 y versiones 6.0 anteriores a 6.0.6, no maneja apropiadamente un token b'' (b comilla simple comilla simple), también se conoce como literal de cadena de bits... • https://www.exploit-db.com/exploits/32348 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 1CVE-2008-2079 – mysql: privilege escalation via DATA/INDEX DIRECTORY directives
https://notcve.org/view.php?id=CVE-2008-2079
05 May 2008 — MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. MySQL 4.1.x anterior a 4.1.24, 5.0.x antes de 5.0.60, 5.1.x anterior a 5.1.24 y 6.0.x antes de 6.0.5 permite a usuarios locales evitar ciertas comprobaci... • http://bugs.mysql.com/bug.php?id=32167 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 1CVE-2007-6303 – mysql: DEFINER value of view not altered on ALTER VIEW
https://notcve.org/view.php?id=CVE-2007-6303
10 Dec 2007 — MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. MySQL versiones 5.0.x anteriores a 5.0.51a, versiones 5.1.x anteriores a 5.1.23 y versiones 6.0.x anteriores a 6.0.4, no actualizan el valor DEFINER de una vista cuando se modifica la vista, lo que ... • http://bugs.mysql.com/bug.php?id=29908 •
CVSS: 7.5EPSS: 4%CPEs: 46EXPL: 1CVE-2007-6304 – Ubuntu Security Notice 559-1
https://notcve.org/view.php?id=CVE-2007-6304
10 Dec 2007 — The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns. El motor federated en MySQL versiones 5.0.x anteriores a 5.0.51a, versiones 5.1.x anteriores a 5.1.23 y versiones 6.0.x anteriores a 6.0.4, al realizar una determinada consulta SHOW TABLE STATUS, pe... • http://bugs.mysql.com/bug.php?id=29801 •