CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2016-0504 – mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0504
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503. Vulnerabilidad no especificada en Oracle MySQL 5.6.27 y versiones anteriores y 5.7.9 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores relacionados con DML, una vulnerabilidad diferente a CVE-2016-0503. Multiple security issues were discovered in MySQL and this update in... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0599
https://notcve.org/view.php?id=CVE-2016-0599
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Vulnerabilidad no especificada en Oracle MySQL 5.7.9 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Optimizer. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0601
https://notcve.org/view.php?id=CVE-2016-0601
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Partition. Vulnerabilidad no especificada en Oracle MySQL 5.7.9 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Partition. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 5.9EPSS: 0%CPEs: 27EXPL: 2CVE-2015-3152 – mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)
https://notcve.org/view.php?id=CVE-2015-3152
29 Apr 2015 — Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. Oracle MySQL en versiones anteriores a 5.7.3, Oracle MySQL Connector/C (también conocido como libmysqlclient) en versiones anteriores a 6.1.3 y MariaDB en versiones anteriores a 5.5.44 utiliza la opción --ssl significa que SSL es ... • https://github.com/duo-labs/mysslstrip • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2013-1548 – mysql: unspecified DoS related to Server Types (CPU April 2013)
https://notcve.org/view.php?id=CVE-2013-1548
17 Apr 2013 — Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types. Vulnerabilidad no especificada en Oracle MySQL v5.1.63 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Server Types. Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 5.1.7... • http://rhn.redhat.com/errata/RHSA-2013-0772.html •
CVSS: 8.1EPSS: 0%CPEs: 86EXPL: 2CVE-2008-7247
https://notcve.org/view.php?id=CVE-2008-7247
30 Nov 2009 — sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. sql/sql_table.cc en MySQL v5.0.x hasta la v5.0.88, v5.1.x hasta la v5.1.41, y v6.0 anteriores a v6.0.9-alpha, cuando e... • http://bugs.mysql.com/bug.php?id=39277 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 4%CPEs: 36EXPL: 2CVE-2009-0819 – MySQL 6.0.9 - XPath Expression Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0819
05 Mar 2009 — sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. El archivo sql/item_xmlfunc.cc en MySQL versiones 5.1 anteriores a 5.1.32 y versiones 6.0 anteriores a 6.0.10, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) por medio de "an XPath expre... • https://www.exploit-db.com/exploits/32838 •
CVSS: 7.5EPSS: 5%CPEs: 64EXPL: 1CVE-2008-3963 – MySQL 6.0.4 - Empty Binary String Literal Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-3963
10 Sep 2008 — MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. MySQL versiones 5.0 anteriores a 5.0.66, versiones 5.1 anteriores a 5.1.26 y versiones 6.0 anteriores a 6.0.6, no maneja apropiadamente un token b'' (b comilla simple comilla simple), también se conoce como literal de cadena de bits... • https://www.exploit-db.com/exploits/32348 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 1CVE-2008-2079 – mysql: privilege escalation via DATA/INDEX DIRECTORY directives
https://notcve.org/view.php?id=CVE-2008-2079
05 May 2008 — MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. MySQL 4.1.x anterior a 4.1.24, 5.0.x antes de 5.0.60, 5.1.x anterior a 5.1.24 y 6.0.x antes de 6.0.5 permite a usuarios locales evitar ciertas comprobaci... • http://bugs.mysql.com/bug.php?id=32167 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 46EXPL: 1CVE-2007-6304
https://notcve.org/view.php?id=CVE-2007-6304
10 Dec 2007 — The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns. El motor federated en MySQL versiones 5.0.x anteriores a 5.0.51a, versiones 5.1.x anteriores a 5.1.23 y versiones 6.0.x anteriores a 6.0.4, al realizar una determinada consulta SHOW TABLE STATUS, pe... • http://bugs.mysql.com/bug.php?id=29801 •