CVE-2010-3682 – MySQL 5.1.48 - 'EXPLAIN' Denial of Service
https://notcve.org/view.php?id=CVE-2010-3682
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function. MySQL de Oracle versiones 5.1 anteriores a 5.1.49 y versiones 5.0 anteriores a 5.0.92, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio mysqld) mediante el uso de EXPLAIN con declaraciones especialmente diseñadas "SELECT ... • https://www.exploit-db.com/exploits/34506 http://bugs.mysql.com/bug.php?id=52711 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/42875 http://secunia.com/advisories/42936 http://support.apple.com/kb/HT4723 http& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-3678 – Oracle MySQL < 5.1.49 - 'WITH ROLLUP' Denial of Service
https://notcve.org/view.php?id=CVE-2010-3678
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier. MySQL de Oracle versiones 5.1 anteriores a 5.1.49, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) por medio de operaciones (1) IN o (2) CASE con argumentos NULL que son especificados explícitamente o indirectamente proporcionados por el modificador WITH ROLLUP. • https://www.exploit-db.com/exploits/15467 http://bugs.mysql.com/bug.php?id=54477 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/42936 http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 http://www.mandriva.com/security/advisories?name=MDVSA-2011:012 http://www.openwall.com/lists/oss-security/2010/09/28/10 http://www.redhat.com/support • CWE-399: Resource Management Errors •
CVE-2010-3680 – MySQL 5.1.48 - 'Temporary InnoDB' Tables Denial of Service
https://notcve.org/view.php?id=CVE-2010-3680
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure. MySQL de Oracle versiones 5.1 anteriores a 5.1.49, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio mysqld) mediante la creación de tablas temporales con columnas que aceptan valores NULL mientras se utiliza InnoDB, que desencadena un fallo de aserción. • https://www.exploit-db.com/exploits/34505 http://bugs.mysql.com/bug.php?id=54044 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html http://secunia.com/advisories/42875 http://secunia.com/advisories/42936 http://www.debian.org/security/2011/dsa-2143 http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 http://www.mandriva.com/security/advisories?name=MDVSA-2011:012 http://www.openwa •
CVE-2010-3679 – Oracle MySQL < 5.1.49 - Malformed 'BINLOG' Arguments Denial of Service
https://notcve.org/view.php?id=CVE-2010-3679
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind. Oracle MySQL 5.1 ersiones anteriores a la 5.1.49 permite a los usuarios autenticados remotos provocar una denegación de servicio (bloqueo del demonio mysqld) a través de ciertos argumentos al comando BINLOG, que desencadena un acceso a la memoria no inicializada, como lo demuestra valgrind. • https://www.exploit-db.com/exploits/34521 http://bugs.mysql.com/bug.php?id=54393 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html http://secunia.com/advisories/42936 http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 http://www.mandriva.com/security/advisories?name=MDVSA-2011:012 http://www.openwall.com/lists/oss-security/2010/09/28/10 http://www.redhat.com/support/errata/RHSA-2011-0164.html http://www.securityfocus.com/bid/42638 http • CWE-399: Resource Management Errors •
CVE-2010-3681 – Oracle MySQL 5.1.48 - 'HANDLER' Interface Denial of Service
https://notcve.org/view.php?id=CVE-2010-3681
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure. MySQL de Oracle versiones 5.1 anteriores a 5.1.49 y versiones 5.5 anteriores a 5.5.5, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio mysqld) mediante la interfaz HANDLER y realizar "alternate reads from two indexes on a table", lo que desencadena un fallo de aserción. • https://www.exploit-db.com/exploits/34520 http://bugs.mysql.com/bug.php?id=54007 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-5.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://secunia.com/advisories/42875 http://secunia.com/advisories/42936 http://www.debian.org/security/2011/dsa-21 •