CVE-2012-0113 – mysql: Unspecified vulnerability allows remote authenticated users to affect confidentiality and availability
https://notcve.org/view.php?id=CVE-2012-0113
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118. Vulnerabilidad no especificada en el componente MySQL Server de Oracle MySQL v5.1.x y v5.5.x permite a usuarios remotos autenticados afectar a la confidencialidad y a la disponibilidad de los datos a través de vectores desconocidos. Se trata de una vulnerabilidad diferente a la CVE-2012-0118. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687 http://secunia.com/advisories/48250 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.debian.org/security/2012/dsa-2429 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html http://www.ubuntu.com/usn/USN-1397-1 https://access.redhat.com/security/cve/CVE-2012-0113 https://bugzilla.redhat.com/show_bug.cgi?id=783800 •
CVE-2010-3676 – Oracle MySQL < 5.1.49 - 'DDL' Statements Denial of Service
https://notcve.org/view.php?id=CVE-2010-3676
storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement. El archivo storage/innobase/dict/dict0crea.c en mysqld en MySQL de Oracle versiones 5.1 anteriores a 5.1.49, permite a los usuarios autenticados remotos causar una denegación de servicio (fallo de aserción) mediante la modificación de la configuración de los parámetros (1) innodb_file_format o (2) innodb_file_per_table por el motor de almacenamiento InnoDB y, a continuación, ejecutar una declaración DDL. • https://www.exploit-db.com/exploits/34522 http://bugs.mysql.com/bug.php?id=55039 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:012 http://www.openwall.com/lists/oss-security/2010/09/28/10 http://www.securityfocus.com/bid/42643 http://www.vupen.com/english/advisories/2011/0133 https://bugzilla.redhat.com/show_bug.cgi?id=628660 https://exchange.xforce.ibmcloud.com/vulnerabilities/64689 •
CVE-2010-3839 – MySQL: server hangs during JOIN query in stored procedures called twice in a row (MySQL Bug#53544)
https://notcve.org/view.php?id=CVE-2010-3839
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements. MySQL v5.1 antes de v5.1.51 y v5.5 antes de v5.5.6 permite a usuarios remotos autenticados causar una denegación de servicio (por un bucle infinito) a través de varias invocaciones de (1) un procedimiento preparado o (2) un procedimiento almacenado que crea una consulta con JOINs anidados . • http://bugs.mysql.com/bug.php?id=53544 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html http://secunia.com/advisories/42936 http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 http://www.redhat.com/support/errata/RHSA-2010-0825.html http://www.redhat.com/support/errata/RHSA-2011-0164.html http://www.securityfocus •
CVE-2010-3836 – MySQL: pre-evaluating LIKE arguments in view prepare mode causes crash (MySQL Bug#54568)
https://notcve.org/view.php?id=CVE-2010-3836
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers. MySQL v5.0 antes de v5.0.92, v5.1 antes de v5.1.51, y v5.5 antes de v5.5.6 permite a usuarios remotos autenticados causar una denegación de servicio (por un error de aserción y consiguiente caída del servidor) a través de vectores relacionados con la preparación de una vista, pre-evaluación de predicados LIKE, y Optimizadores IN. • http://bugs.mysql.com/bug.php?id=54568 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://secunia.com/advisories/42875 http://secunia.com/advisories/42936 http://support.apple.com/kb/HT4723 http://www.debian.org/security/2011/dsa-2143 htt • CWE-399: Resource Management Errors •
CVE-2010-3837 – MySQL: crash when group_concat and "with rollup" in prepared statements (MySQL Bug#54476)
https://notcve.org/view.php?id=CVE-2010-3837
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object. MySQL v5.0 antes de v5.0.92, v5.1 antes de v5.1.51, y v5.5 antes de v5.5.6 permiten a usuarios remotos autenticados causar una denegación de servicio (por caída del servidor) a través de una declaración preparada que utiliza GROUP_CONCAT con el modificador WITH ROLLUP, probablemente provocando un error de uso después de liberación un objeto copiado es modificado, de tal manera que también afecta al objeto original. • http://bugs.mysql.com/bug.php?id=54476 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://secunia.com/advisories/42875 http://secunia.com/advisories/42936 http://support.apple.com/kb/HT4723 http://www.debian.org/security/2011/dsa-2143 htt • CWE-399: Resource Management Errors •