CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0606 – mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0606
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption. Vulnerabilidad no especificada en Oracle MySQL 5.5.46 y versiones anteriores, 5.6.27 y versiones anteriores y 5.7.9 y MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10 per... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2016-0607 – mysql: unspecified vulnerability in subcomponent: Server: Replication (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0607
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. Vulnerabilidad no especificada en Oracle MySQL 5.6.27 y versiones anteriores y 5.7.9 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con replication. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0608 – mysql: unspecified vulnerability in subcomponent: Server: UDF (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0608
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF. Vulnerabilidad no especificada en Oracle MySQL 5.5.46 y versiones anteriores, 5.6.27 y versiones anteriores y 5.7.9 y MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10 permite a usuar... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html •
CVSS: 5.9EPSS: 56%CPEs: 27EXPL: 2CVE-2015-3152 – mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)
https://notcve.org/view.php?id=CVE-2015-3152
29 Apr 2015 — Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. Oracle MySQL en versiones anteriores a 5.7.3, Oracle MySQL Connector/C (también conocido como libmysqlclient) en versiones anteriores a 6.1.3 y MariaDB en versiones anteriores a 5.5.44 utiliza la opción --ssl significa que SSL es ... • https://github.com/duo-labs/mysslstrip • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2013-1548 – mysql: unspecified DoS related to Server Types (CPU April 2013)
https://notcve.org/view.php?id=CVE-2013-1548
17 Apr 2013 — Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types. Vulnerabilidad no especificada en Oracle MySQL v5.1.63 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Server Types. Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 5.1.7... • http://rhn.redhat.com/errata/RHSA-2013-0772.html •
CVSS: 8.1EPSS: 0%CPEs: 86EXPL: 2CVE-2008-7247
https://notcve.org/view.php?id=CVE-2008-7247
30 Nov 2009 — sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. sql/sql_table.cc en MySQL v5.0.x hasta la v5.0.88, v5.1.x hasta la v5.1.41, y v6.0 anteriores a v6.0.9-alpha, cuando e... • http://bugs.mysql.com/bug.php?id=39277 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 4%CPEs: 36EXPL: 2CVE-2009-0819 – MySQL 6.0.9 - XPath Expression Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0819
05 Mar 2009 — sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. El archivo sql/item_xmlfunc.cc en MySQL versiones 5.1 anteriores a 5.1.32 y versiones 6.0 anteriores a 6.0.10, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) por medio de "an XPath expre... • https://www.exploit-db.com/exploits/32838 •
CVSS: 7.5EPSS: 5%CPEs: 64EXPL: 1CVE-2008-3963 – MySQL 6.0.4 - Empty Binary String Literal Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-3963
10 Sep 2008 — MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. MySQL versiones 5.0 anteriores a 5.0.66, versiones 5.1 anteriores a 5.1.26 y versiones 6.0 anteriores a 6.0.6, no maneja apropiadamente un token b'' (b comilla simple comilla simple), también se conoce como literal de cadena de bits... • https://www.exploit-db.com/exploits/32348 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 1CVE-2008-2079 – mysql: privilege escalation via DATA/INDEX DIRECTORY directives
https://notcve.org/view.php?id=CVE-2008-2079
05 May 2008 — MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. MySQL 4.1.x anterior a 4.1.24, 5.0.x antes de 5.0.60, 5.1.x anterior a 5.1.24 y 6.0.x antes de 6.0.5 permite a usuarios locales evitar ciertas comprobaci... • http://bugs.mysql.com/bug.php?id=32167 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 1CVE-2007-6303 – mysql: DEFINER value of view not altered on ALTER VIEW
https://notcve.org/view.php?id=CVE-2007-6303
10 Dec 2007 — MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. MySQL versiones 5.0.x anteriores a 5.0.51a, versiones 5.1.x anteriores a 5.1.23 y versiones 6.0.x anteriores a 6.0.4, no actualizan el valor DEFINER de una vista cuando se modifica la vista, lo que ... • http://bugs.mysql.com/bug.php?id=29908 •