CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-4761 – mysql: unspecified vulnerability related to Server:Memcached (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-4761
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Memcached. • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2015-1630.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75770 http://www.securitytracker.com/id/1032911 http://www.ubuntu.com/usn/USN-2674-1 https://access.redhat.com/security/cve/CVE-2015-4761 https://bugzilla.redhat.com/show_bug.cgi?id=1244782 •
CVSS: 4.0EPSS: 0%CPEs: 27EXPL: 0CVE-2015-2582 – mysql: unspecified vulnerability related to Server:GIS (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-2582
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS. Vulnerabilidad no especificada en Oracle MySQL Server versión 5.5.43 y anteriores y versión 5.6.24 y anteriores, permiten a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con los GIS. • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1630.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3308 http://www.debian.org/security/2015/dsa-3311 http:// •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-4769 – mysql: unspecified vulnerability related to Server:Security:Firewall (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-4769
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Security : Firewall, una vulnerabilidad diferente a CVE-2015-4767. • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2015-1630.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75753 http://www.securitytracker.com/id/1032911 http://www.ubuntu.com/usn/USN-2674-1 https://security.gentoo.org/glsa/201610-06 https://access.redhat.com/security/cve/CVE-2015-4769 https://bugzilla.redhat •
CVSS: 5.9EPSS: 0%CPEs: 27EXPL: 1CVE-2015-3152 – mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)
https://notcve.org/view.php?id=CVE-2015-3152
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. Oracle MySQL en versiones anteriores a 5.7.3, Oracle MySQL Connector/C (también conocido como libmysqlclient) en versiones anteriores a 6.1.3 y MariaDB en versiones anteriores a 5.5.44 utiliza la opción --ssl significa que SSL es opcional, lo que permite a atacantes man-in-the-middle suplantar servidores a través de un ataque de degradación de texto plano, también conocida como un ataque "BACKRONYM". It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn& • CWE-295: Improper Certificate Validation •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0508
https://notcve.org/view.php?id=CVE-2015-0508
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.23 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : InnoDB, una vulnerabilidad diferente a CVE-2015-0506. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securitytracker.com/id/1032121 https://security.gentoo.org/glsa/201507-19 •