CVSS: 6.0EPSS: 5%CPEs: 48EXPL: 0CVE-2007-2692 – mysql SECURITY INVOKER functions do not drop privileges
https://notcve.org/view.php?id=CVE-2007-2692
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. La función mysql_change_db en MySQL 5.0.x anterior a 5.0.40 y 5.1.x anterior a 5.1.18 no restaura los privilegios THD::db_access cuando regresa de rutinas almacenadas SQL SECURITY INVOKER, lo cual permite a usuarios autenticados remotamente obtener privilegios. • http://bugs.mysql.com/bug.php?id=27337 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html http://lists.mysql.com/announce/470 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://osvdb.org/34765 http://secunia.com/advisories/25301 http://secunia.com/advisories/26073 http://secunia.com/advisories/26430 http://secunia.com/advisories/27823 http://secunia.com/advisories/28637 http://secunia.com/advisories/28838 http://secunia& •
CVSS: 4.0EPSS: 0%CPEs: 7EXPL: 2CVE-2007-2583 – MySQL 5.0.x - IF Query Handling Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-2583
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. La función in_decimal::set en el archivo item_cmpfunc.cc en mySQL versiones anteriores a 5.0.40, y versiones 5.1 anteriores a 5.1.18-beta, permite a atacantes dependiendo del contexto causar una denegación de servicio (bloqueo) por medio de una cláusula IF especialmente diseñada que resulta en un error de división por cero y una desreferencia del puntero NULL. MySQL version 5.0.x suffers from an IF query handling remote denial of service vulnerability. • https://www.exploit-db.com/exploits/30020 http://bugs.mysql.com/bug.php?id=27513 http://lists.mysql.com/commits/23685 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://packetstormsecurity.com/files/124295/MySQL-5.0.x-Denial-Of-Service.html http://secunia.com/advisories/25188 http://secunia.com/advisories/25196 http://secunia.com/advisories/25255 http://secunia.com/advisories/25389 http://secunia.com/advisories/25946 http://secunia.com/advis •
CVSS: 2.1EPSS: 0%CPEs: 18EXPL: 3CVE-2007-1420 – MySQL 5.0.x - Single Row SubSelect Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-1420
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. MySQL versión 5.x anterior a 5.0.36, permite a los usuarios locales causar una denegación de servicio (bloqueo de base de datos) al realizar subselecciones de la tabla information_schema y utilizar ORDER BY para ordenar un resultado de una sola fila, lo que impide que determinados elementos de la estructura se inicialicen y desencadene una desreferencia de NULL en la función filesort. • https://www.exploit-db.com/exploits/29724 http://bugs.mysql.com/bug.php?id=24630 http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-36.html http://secunia.com/advisories/24483 http://secunia.com/advisories/24609 http://secunia.com/advisories/25196 http://secunia.com/advisories/25389 http://secunia.com/advisories/25946 http://secunia.com/advisories/30351 http://security.gentoo.org/glsa/glsa-200705-11.xml http://securityreason.com/securityalert/2413 http:& • CWE-476: NULL Pointer Dereference •
CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2006-7232 – mysql: daemon crash via EXPLAIN on queries on information schema
https://notcve.org/view.php?id=CVE-2006-7232
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY. sql_select.cc en MySQL 5.0.x anterior a 5.0.32 y 5.1.x anterior a 5.1.14 permite a usuarios autenticados remotamente provocar una denegación de servicio (caída) mediante un EXPLAIN SELECT FROM en la tabla INFORMATION_SCHEMA como se ha demostrado utilizando ORDER BY. • http://bugs.mysql.com/bug.php?id=22413 http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-32.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-14.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/29443 http://secunia.com/advisories/30351 http://secunia.com/advisories/31687 http://www.redhat.com/support/errata/RHSA-2008-0364.html http://www.securityfocus.com/bid/28351 http://www. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 8%CPEs: 12EXPL: 3CVE-2006-4227 – MySQL 4/5 - SUID Routine Miscalculation Arbitrary DML Statement Execution
https://notcve.org/view.php?id=CVE-2006-4227
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE. MySQL anterior a 5.0.25 y 5.1 anterior a 5.1.12 evalúa los argumentos de rutinas suid en el contexto de seguridad del creador de la rutina en lugar del de aquel que llama a la rutina, lo que permite a usuarios autenticados remotamente escalar privilegios a través de una rutina que ha sido puesta a su disposición utilizando GRANT EXECUTE. • https://www.exploit-db.com/exploits/28398 http://bugs.mysql.com/bug.php?id=18630 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html http://lists.mysql.com/commits/7918 http://secunia.com/advisories/21506 http://secunia.com/advisories/21770 http://secunia.com/advisories/22080 http://secunia.com/advisories/30351 http://securitytracker.com/id?1016709 http://www.novell.com/linux/security/advisories/2006_23_sr.html http://www.redhat.com/support/errata/ • CWE-20: Improper Input Validation •