CVSS: 5.0EPSS: 6%CPEs: 5EXPL: 2CVE-2012-5615 – MySQL - Remote User Enumeration
https://notcve.org/view.php?id=CVE-2012-5615
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames. MySQL v5.5.19 y posiblemente otras versiones, y MariaDB v5.5.28a, v5.3.11, v5.2.13, v5.1.66, y posiblemente con otras versiones, generan mensajes de error diferentes con retardos de tiempo diferentes dependiendo de si existe un nombre de usuario, lo que permite atacantes remotos para enumerar los nombres de usuario válidos. Oracle MySQL suffers from a user enumeration vulnerability. This is a utility that demonstrates the issue. • https://www.exploit-db.com/exploits/23081 https://www.exploit-db.com/exploits/23073 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://seclists.org/fulldisclosure/2012/Dec/9 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 http://www.openwall.com/lists/oss-security/2012/12/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.0EPSS: 3%CPEs: 9EXPL: 2CVE-2012-5614 – MySQL - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2012-5614
Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements. MySQL v5.5.19 y posiblemente otras versiones, y MariaDB v5.5.28a y posiblemente otras versiones, permiten a usuarios remotos autenticados provocar una denegación de servicio (caída de mysqld) a través de un comando SELECT con un comando updateXML que contiene XML con un gran número de elementos anidados "unique". Oracle MySQL version 5.5.19-log on SuSE Linux suffers from a denial of service vulnerability. • https://www.exploit-db.com/exploits/23078 http://rhn.redhat.com/errata/RHSA-2013-0772.html http://seclists.org/fulldisclosure/2012/Dec/7 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.openwall.com/lists/oss-security/2012/12/02/3 http://www.openwall.com/lists/oss-security/2012/12/02/4 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555. •
CVSS: 6.5EPSS: 96%CPEs: 14EXPL: 4CVE-2012-5612 – MySQL (Linux) - Heap Overrun (PoC)
https://notcve.org/view.php?id=CVE-2012-5612
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands. El desbordamiento de búfer en la región heap de la memoria en MySQL versión 5.5.19 y otras versiones hasta 5.5.28, y MariaDB versión 5.5.28a y posiblemente otras versiones, de Oracle, permite a los usuarios remotos autenticados causar una denegación de servicio (corrupción de memoria y bloqueo) y posiblemente ejecutar código arbitrario, como es demostrado utilizando ciertas variaciones de los comandos (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE y (12) SET PASSWORD. Oracle MySQL on Linux suffers from a heap overrun vulnerability. • https://www.exploit-db.com/exploits/23076 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html http://seclists.org/fulldisclosure/2012/Dec/5 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.exploit-db.com/exploits/23076 http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.openwall.com/lists/oss-security/2012/12/02/3 ht • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 94%CPEs: 47EXPL: 2CVE-2012-5611 – MySQL (Linux) - Stack Buffer Overrun (PoC)
https://notcve.org/view.php?id=CVE-2012-5611
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. Desbordamiento de búfer basado en pila en MySQL v5.5.19, v5.1.53, y posiblemente otras versiones, y MariaDB v5.5.2.x antes de v5.5.28a, v5.3.x antes de v5.3.11, v5.2.x antes de v5.2.13 y v5.1.x antes de v5.1.66, permite a usuarios autenticados remotamente ejecutar código de su elección a través de un argumento largo en el comando GRANT FILE. • https://www.exploit-db.com/exploits/23075 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html http://lists • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 6.0EPSS: 96%CPEs: 3EXPL: 7CVE-2012-5613 – Oracle MySQL for Microsoft Windows FILE Privilege Abuse
https://notcve.org/view.php?id=CVE-2012-5613
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue. ** En disputa ** MySQL v5.5.19 y posiblemente otras versiones, y MariaDB v5.5.28a y posiblemente otros, cuando se configura para asignar el permiso FILE para los usuarios que no deben tener privilegios administrativos, permite a usuarios remotos autenticados obtener privilegios aprovechándose del privilegio FILE para crear los archivos como el administrador de MySQL. NOTA: el vendedor se opone a esta cuestión, afirmando que esto es sólo una vulnerabilidad cuando el administrador no sigue las recomendaciones en la documentación de instalación del producto. NOTA: Se podría argumentar que esto no debería ser incluido en CVE porque es un problema de configuración. • https://www.exploit-db.com/exploits/23077 https://www.exploit-db.com/exploits/35777 https://www.exploit-db.com/exploits/23179 https://github.com/w4fz5uck5/UDFPwn-CVE-2012-5613 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html http://seclists.org/fulldisclosure/2012/Dec/6 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.openwall.com/lists/oss-security/2012/12/02/3 http://www.openwall.com/lists& • CWE-16: Configuration •