CVSS: 6.0EPSS: 0%CPEs: 86EXPL: 2CVE-2008-7247
https://notcve.org/view.php?id=CVE-2008-7247
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. sql/sql_table.cc en MySQL v5.0.x hasta la v5.0.88, v5.1.x hasta la v5.1.41, y v6.0 anteriores a v6.0.9-alpha, cuando el directorio de datos "home" contiene un enlace simbólico a un sistema de ficheros diferente, permite a usuarios autenticados remotamente saltar las restricciones de acceso implementadas al invocar CREATE TABLE con un argumento (1) DATA DIRECTORY o (2) INDEX DIRECTORY referido a un subdirectorio que requiera el seguimiento de este enlace simbólico. • http://bugs.mysql.com/bug.php?id=39277 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.mysql.com/commits/59711 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://marc.info/?l=oss-security&m=125908040022018&w=2 http://secunia.com/advisories/38517 http://support.apple.com/kb/HT4077 http://ubuntu.com/usn/usn-897-1 http://w • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.8EPSS: 0%CPEs: 104EXPL: 1CVE-2009-4028 – mysql: client SSL certificate verification flaw
https://notcve.org/view.php?id=CVE-2009-4028
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. La función vio_verify_callback en vio_verify_callback de MySQL v5.0.x anteriores a v5.0.88 y v5.1.x anteriores a v5.1.41, cuando utiliza OpenSSL, acepta un valor cero para la profundidad de los certificados X.509, permitiendo a atacantes de hombre en medio (man-in-the-middle) suplantar servidores MySQL de su elección basados en SSL mediante un certificado creado específicamente, como se ha demostrado por un certificado presentado por un servidor vinculado con la biblioteca yaSSL. • http://bugs.mysql.com/47320 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html http://lists.mysql.com/commits/87446 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://marc.info/?l=oss-security&m=125881733826437&w=2 http://www.openwall.com/lists/oss-security/2009/11/19/3 http://www.openwall.com/lists/oss-security/2009/11/23/16 http://www.redhat. • CWE-20: Improper Input Validation •
CVSS: 4.0EPSS: 10%CPEs: 81EXPL: 2CVE-2009-4019 – MySQL 6.0.9 - 'GeomFromWKB()' Function First Argument Geometry Value Handling Denial of Service
https://notcve.org/view.php?id=CVE-2009-4019
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. mysqld en MySQL v5.0.x anteriores a v5.0.88 y v5.1.x anteriores a v5.1.41 no (1) maneja apropiadamente los errores durante la ejecución de determinadas peticiones SELECT con subpeticiones, y no (2) preserva determinadas "flags" (opciones) null_value durante la ejecución de peticiones que usan la función GeomFromWKB; lo que permite a usuarios autenticados remotos provocar una denegación de servicio (caída del demonio) a través de una petición modificada. • https://www.exploit-db.com/exploits/33398 https://www.exploit-db.com/exploits/33397 http://bugs.mysql.com/47780 http://bugs.mysql.com/48291 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://marc.info/?l=oss-security&m=125881733826437& •
CVSS: 4.0EPSS: 3%CPEs: 36EXPL: 2CVE-2009-0819 – MySQL 6.0.9 - XPath Expression Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0819
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. El archivo sql/item_xmlfunc.cc en MySQL versiones 5.1 anteriores a 5.1.32 y versiones 6.0 anteriores a 6.0.10, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) por medio de "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," que desencadena un fallo de aserción. • https://www.exploit-db.com/exploits/32838 http://bugs.mysql.com/bug.php?id=42495 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html http://secunia.com/advisories/34115 http://www.securityfocus.com/bid/33972 http://www.securitytracker.com/id?1021786 http://www.vupen.com/english/advisories/2009/0594 https://exchange.xforce.ibmcloud.com/vulnerabilities/49050 https://oval.cisecurity.org/repository&# •
CVSS: 4.0EPSS: 5%CPEs: 64EXPL: 1CVE-2008-3963 – MySQL 6.0.4 - Empty Binary String Literal Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-3963
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. MySQL versiones 5.0 anteriores a 5.0.66, versiones 5.1 anteriores a 5.1.26 y versiones 6.0 anteriores a 6.0.6, no maneja apropiadamente un token b'' (b comilla simple comilla simple), también se conoce como literal de cadena de bits vacía, que permite a los atacantes remotos causar una denegación de servicio (bloqueo del demonio) mediante el uso de este token en una sentencia SQL. • https://www.exploit-db.com/exploits/32348 http://bugs.mysql.com/bug.php?id=35658 http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://secunia.com/advisories/31769 http://secunia.com/advisories/32759 http://secunia.com/advisories/32769 http& • CWE-134: Use of Externally-Controlled Format String •