CVE-2013-1511
https://notcve.org/view.php?id=CVE-2013-1511
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Vulnerabilidad sin especificar en Oracle MySQL 5.5.30 y anteriores, y 5.6.10 y anteriores, permite a usuarios autenticados remotamente comprometer la disponibilidad a través de vectores no especificados relacionados con InnoDB. • http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html •
CVE-2013-1506 – mysql: unspecified DoS related to Server Locking (CPU April 2013)
https://notcve.org/view.php?id=CVE-2013-1506
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking. Vulnerabilidad sin especificar en Oracle MySQL 5.1.67 y anteriores, 5.6.10 y anteriores y 5.5.29 y anteriores, permite a usuarios autenticados remotamente comprometer la disponibilidad a través de vectores no especificados relacionados con Server Locking. • http://rhn.redhat.com/errata/RHSA-2013-0772.html http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html https://access.redhat.com/security/cve/CVE-2013-1506 https://bugzilla.redhat.com/show_bug.cgi?id=952899 •
CVE-2013-1502
https://notcve.org/view.php?id=CVE-2013-1502
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition. Vulnerabilidad sin especificar en Oracle MySQL 5.5.30 y anteriores y 5.6.9 y anteriores, permite a usuarios locales comprometer la disponibilidad a través de vectores relacionados con Server Partition. • http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html •
CVE-2013-1512
https://notcve.org/view.php?id=CVE-2013-1512
Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. Vulnerabilidad no especificada en el Oracle MySQL v5.5.29 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad mediante vectores relacionados con Data Manipulation Language. • http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html •
CVE-2012-5627 – Oracle MySQL / MariaDB - Insecure Salt Generation Security Bypass
https://notcve.org/view.php?id=CVE-2012-5627
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks. Oracle MySQL y MariaDB 5.5.x anteriores a 5.5.29, 5.3.x anteriores a 5.3.12, y 5.2.x anteriores a 5.2.14 no modifican el "salt" durante múltiples ejecuciones del comando change_user en una misma conexión, lo cual facilita a usuarios remotamente autenticados ejecutar ataques de adivinación de contraseña por fuerza bruta. • https://www.exploit-db.com/exploits/38109 http://seclists.org/fulldisclosure/2012/Dec/58 http://seclists.org/fulldisclosure/2012/Dec/83 http://seclists.org/oss-sec/2012/q4/424 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 https://bugzilla.redhat.com/show_bug.cgi?id=883719 https://mariadb.atlassian.net/browse/MDEV-3915 • CWE-522: Insufficiently Protected Credentials •