Page 58 of 361 results (0.007 seconds)

CVSS: 6.8EPSS: 0%CPEs: 104EXPL: 1

CVE-2009-4028 – mysql: client SSL certificate verification flaw

https://notcve.org/view.php?id=CVE-2009-4028

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. La función vio_verify_callback en vio_verify_callback de MySQL v5.0.x anteriores a v5.0.88 y v5.1.x anteriores a v5.1.41, cuando utiliza OpenSSL, acepta un valor cero para la profundidad de los certificados X.509, permitiendo a atacantes de hombre en medio (man-in-the-middle) suplantar servidores MySQL de su elección basados en SSL mediante un certificado creado específicamente, como se ha demostrado por un certificado presentado por un servidor vinculado con la biblioteca yaSSL. • http://bugs.mysql.com/47320 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html http://lists.mysql.com/commits/87446 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://marc.info/?l=oss-security&m=125881733826437&w=2 http://www.openwall.com/lists/oss-security/2009/11/19/3 http://www.openwall.com/lists/oss-security/2009/11/23/16 http://www.redhat. • CWE-20: Improper Input Validation •

CVSS: 4.0EPSS: 10%CPEs: 81EXPL: 2

CVE-2009-4019 – MySQL 6.0.9 - 'GeomFromWKB()' Function First Argument Geometry Value Handling Denial of Service

https://notcve.org/view.php?id=CVE-2009-4019

mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. mysqld en MySQL v5.0.x anteriores a v5.0.88 y v5.1.x anteriores a v5.1.41 no (1) maneja apropiadamente los errores durante la ejecución de determinadas peticiones SELECT con subpeticiones, y no (2) preserva determinadas "flags" (opciones) null_value durante la ejecución de peticiones que usan la función GeomFromWKB; lo que permite a usuarios autenticados remotos provocar una denegación de servicio (caída del demonio) a través de una petición modificada. • https://www.exploit-db.com/exploits/33398 https://www.exploit-db.com/exploits/33397 http://bugs.mysql.com/47780 http://bugs.mysql.com/48291 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://marc.info/?l=oss-security&m=125881733826437& •

CVSS: 8.5EPSS: 7%CPEs: 115EXPL: 3

CVE-2009-2446 – MySQL 5.0.75 - 'sql_parse.cc' Multiple Format String Vulnerabilities

https://notcve.org/view.php?id=CVE-2009-2446

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de formato de cadena en la función dispatch_command en libmysqld/sql_parse.cc en mysqld de MySQL v4.0.0 hasta v5.0.83 permiten a usuarios remotos autenticados causar una denegación de servicio (mediante caída del demonio) y, posiblemente otros efectos no especificados, a través de especificadores de formato de cadena en el nombre de base de datos en una petición (1) COM_CREATE_DB o (2) COM_DROP_DB. NOTA: Algunos de estos detalles se obtienen a partir de información de terceros. • https://www.exploit-db.com/exploits/33077 http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0058.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://secunia.com/advisories/35767 http://secunia.com/advisories/36566 http://secunia.com/advisories/38517 http://securitytracker.com/id?1022533 http://support.apple.com/kb/HT4077 http://ubuntu.com/usn/usn-897-1 http://www.mandriva.com/security/advisories?name=MDVSA-2009:179 http://w • CWE-134: Use of Externally-Controlled Format String •

CVSS: 4.0EPSS: 3%CPEs: 36EXPL: 2

CVE-2009-0819 – MySQL 6.0.9 - XPath Expression Remote Denial of Service

https://notcve.org/view.php?id=CVE-2009-0819

sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. El archivo sql/item_xmlfunc.cc en MySQL versiones 5.1 anteriores a 5.1.32 y versiones 6.0 anteriores a 6.0.10, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) por medio de "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," que desencadena un fallo de aserción. • https://www.exploit-db.com/exploits/32838 http://bugs.mysql.com/bug.php?id=42495 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html http://secunia.com/advisories/34115 http://www.securityfocus.com/bid/33972 http://www.securitytracker.com/id?1021786 http://www.vupen.com/english/advisories/2009/0594 https://exchange.xforce.ibmcloud.com/vulnerabilities/49050 https://oval.cisecurity.org/repository&# •

CVSS: 2.6EPSS: 1%CPEs: 15EXPL: 2

CVE-2008-4456 – MySQL 5 - Command Line Client HTML Special Characters HTML Injection

https://notcve.org/view.php?id=CVE-2008-4456

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el cliente command-line en MySQL v5.0.26 a la v5.0.45, cuando la opción --html está activa, permite a los atacantes inyectar web script o HTML de su elección colocándolo en una celda de la base de datos, a la que puede acceder el cliente al comoponer un documento HTML. • https://www.exploit-db.com/exploits/32445 http://bugs.mysql.com/bug.php?id=27884 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://seclists.org/bugtraq/2008/Oct/0026.html http://secunia.com/advisories/32072 http://secunia.com/advisories/34907 http://secunia.com/advisories/36566 http://secunia.com/advisories/38517 http://securityreason.com/securityalert/4357 http://support.apple.com/kb/HT4077 http://ubuntu.com/usn/usn-897-1 http: • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •