CVSS: 4.4EPSS: 0%CPEs: 26EXPL: 0CVE-2009-4030 – mysql: Incomplete fix for CVE-2008-2079 / CVE-2008-4098
https://notcve.org/view.php?id=CVE-2009-4030
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. MySQL v5.1.x anteriores a v5.1.41 permite a usuarios locales evitar ciertas comprobaciones de privilegios invocando CREATE TABLE en una tabla MyISAM con los argumentos (1) DATA DIRECTORY o (2) INDEX DIRECTORY modificados que estan originariamente asociados con pathnames (rutas) sin symlinks, y que pueden apuntar a tables creadas en un futuro en el cual un pathname (ruta) es modificado para contener un symlink a un subdirectorio del directorio home de datos de MySQL. Vulnerabilidad relacionada con una cálculo incorrecto del valor mysql_unpacked_real_data_home value. NOTA: esta vulnerabilidad existe debido a una solución incompleta al CVE-2008-4098 y CVE-2008-2079. • http://bugs.mysql.com/bug.php?id=32167 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.mysql.com/commits/89940 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://marc.info/?l=oss-security&m=125908040022018&w=2 http://marc.info/?l=oss-security&m=125908080222685&w=2& • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.0EPSS: 3%CPEs: 36EXPL: 2CVE-2009-0819 – MySQL 6.0.9 - XPath Expression Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0819
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. El archivo sql/item_xmlfunc.cc en MySQL versiones 5.1 anteriores a 5.1.32 y versiones 6.0 anteriores a 6.0.10, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) por medio de "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," que desencadena un fallo de aserción. • https://www.exploit-db.com/exploits/32838 http://bugs.mysql.com/bug.php?id=42495 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html http://secunia.com/advisories/34115 http://www.securityfocus.com/bid/33972 http://www.securitytracker.com/id?1021786 http://www.vupen.com/english/advisories/2009/0594 https://exchange.xforce.ibmcloud.com/vulnerabilities/49050 https://oval.cisecurity.org/repository&# •
CVSS: 4.0EPSS: 5%CPEs: 64EXPL: 1CVE-2008-3963 – MySQL 6.0.4 - Empty Binary String Literal Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-3963
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. MySQL versiones 5.0 anteriores a 5.0.66, versiones 5.1 anteriores a 5.1.26 y versiones 6.0 anteriores a 6.0.6, no maneja apropiadamente un token b'' (b comilla simple comilla simple), también se conoce como literal de cadena de bits vacía, que permite a los atacantes remotos causar una denegación de servicio (bloqueo del demonio) mediante el uso de este token en una sentencia SQL. • https://www.exploit-db.com/exploits/32348 http://bugs.mysql.com/bug.php?id=35658 http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://secunia.com/advisories/31769 http://secunia.com/advisories/32759 http://secunia.com/advisories/32769 http& • CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 1CVE-2008-2079 – mysql: privilege escalation via DATA/INDEX DIRECTORY directives
https://notcve.org/view.php?id=CVE-2008-2079
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. MySQL 4.1.x anterior a 4.1.24, 5.0.x antes de 5.0.60, 5.1.x anterior a 5.1.24 y 6.0.x antes de 6.0.5 permite a usuarios locales evitar ciertas comprobaciones de privilegios llamando a CREATE TABLE en una tabla MyISAM con argumentos (1) DATA DIRECTORY or (2) INDEX DIRECTORY modificados que están dentro del directorio MySQL home data, que puede apuntar a tablas que se crearán en el futuro. • http://bugs.mysql.com/bug.php?id=32167 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.o • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2007-6313
https://notcve.org/view.php?id=CVE-2007-6313
MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements. MySQL Server 5.1.x antes de 5.1.23 y 6.0.x antes de 6.0.4 no comprueba los privilegios de entidad ejecutando BINLOG, lo que permite a usuarios autorizados remotamente ejecutar sentencias BINLOG de su elección. • http://bugs.mysql.com/31611 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html http://osvdb.org/43179 http://www.securitytracker.com/id?1019083 http://www.vupen.com/english/advisories/2008/0560/references • CWE-264: Permissions, Privileges, and Access Controls •