Page 52 of 267 results (0.023 seconds)

CVSS: 4.0EPSS: 0%CPEs: 130EXPL: 0

CVE-2010-3837 – MySQL: crash when group_concat and "with rollup" in prepared statements (MySQL Bug#54476)

https://notcve.org/view.php?id=CVE-2010-3837

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object. MySQL v5.0 antes de v5.0.92, v5.1 antes de v5.1.51, y v5.5 antes de v5.5.6 permiten a usuarios remotos autenticados causar una denegación de servicio (por caída del servidor) a través de una declaración preparada que utiliza GROUP_CONCAT con el modificador WITH ROLLUP, probablemente provocando un error de uso después de liberación un objeto copiado es modificado, de tal manera que también afecta al objeto original. • http://bugs.mysql.com/bug.php?id=54476 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://secunia.com/advisories/42875 http://secunia.com/advisories/42936 http://support.apple.com/kb/HT4723 http://www.debian.org/security/2011/dsa-2143 htt • CWE-399: Resource Management Errors •

CVSS: 4.0EPSS: 0%CPEs: 130EXPL: 0

CVE-2010-3838 – MySQL: crash with LONGBLOB and union or update with subquery (MySQL Bug#54461)

https://notcve.org/view.php?id=CVE-2010-3838

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table." MySQL v5.0 antes de v5.0.92, v5.1 antes de v5.1.51, y v5.5 antes de v5.5.6 permite a usuarios remotos autenticados causar una denegación de servicio (por caída del servidor) a través de una consulta que utiliza el las funciones (1) GREATEST o (2) LEAST con una lista de argumentos numéricos y LONGBLOB, que no son correctamente manipulados cuando el resultado de la función es procesado utilizando una tabla temporal intermedia. • http://bugs.mysql.com/bug.php?id=54461 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://secunia.com/advisories/42875 http://secunia.com/advisories/42936 http://support.apple.com/kb/HT4723 http://www.debian.org/security/2011/dsa-2143 htt •

CVSS: 4.0EPSS: 1%CPEs: 65EXPL: 0

CVE-2010-3839 – MySQL: server hangs during JOIN query in stored procedures called twice in a row (MySQL Bug#53544)

https://notcve.org/view.php?id=CVE-2010-3839

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements. MySQL v5.1 antes de v5.1.51 y v5.5 antes de v5.5.6 permite a usuarios remotos autenticados causar una denegación de servicio (por un bucle infinito) a través de varias invocaciones de (1) un procedimiento preparado o (2) un procedimiento almacenado que crea una consulta con JOINs anidados . • http://bugs.mysql.com/bug.php?id=53544 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html http://secunia.com/advisories/42936 http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 http://www.redhat.com/support/errata/RHSA-2010-0825.html http://www.redhat.com/support/errata/RHSA-2011-0164.html http://www.securityfocus •

CVSS: 4.0EPSS: 3%CPEs: 61EXPL: 4

CVE-2010-3681 – Oracle MySQL 5.1.48 - 'HANDLER' Interface Denial of Service

https://notcve.org/view.php?id=CVE-2010-3681

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure. MySQL de Oracle versiones 5.1 anteriores a 5.1.49 y versiones 5.5 anteriores a 5.5.5, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio mysqld) mediante la interfaz HANDLER y realizar "alternate reads from two indexes on a table", lo que desencadena un fallo de aserción. • https://www.exploit-db.com/exploits/34520 http://bugs.mysql.com/bug.php?id=54007 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-5.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://secunia.com/advisories/42875 http://secunia.com/advisories/42936 http://www.debian.org/security/2011/dsa-21 •

CVSS: 5.0EPSS: 1%CPEs: 61EXPL: 4

CVE-2010-3683 – OraclMySQL 5.1.48 - 'LOAD DATA INFILE' Denial of Service

https://notcve.org/view.php?id=CVE-2010-3683

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request. MySQL de Oracle versiones 5.1 anteriores a 5.1.49 y versiones 5.5 anteriores a 5.5.5, envía un paquete OK cuando una petición LOAD DATA INFILE genera errores SQL, lo que permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio mysqld) por medio de una petición especialmente diseñada. • https://www.exploit-db.com/exploits/34510 http://bugs.mysql.com/bug.php?id=52512 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-5.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://secunia.com/advisories/42936 http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 http://www.mandri •