CVSS: 2.1EPSS: 0%CPEs: 18EXPL: 3CVE-2007-1420 – MySQL 5.0.x - Single Row SubSelect Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-1420
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. MySQL versión 5.x anterior a 5.0.36, permite a los usuarios locales causar una denegación de servicio (bloqueo de base de datos) al realizar subselecciones de la tabla information_schema y utilizar ORDER BY para ordenar un resultado de una sola fila, lo que impide que determinados elementos de la estructura se inicialicen y desencadene una desreferencia de NULL en la función filesort. • https://www.exploit-db.com/exploits/29724 http://bugs.mysql.com/bug.php?id=24630 http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-36.html http://secunia.com/advisories/24483 http://secunia.com/advisories/24609 http://secunia.com/advisories/25196 http://secunia.com/advisories/25389 http://secunia.com/advisories/25946 http://secunia.com/advisories/30351 http://security.gentoo.org/glsa/glsa-200705-11.xml http://securityreason.com/securityalert/2413 http:& • CWE-476: NULL Pointer Dereference •
CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2006-7232 – mysql: daemon crash via EXPLAIN on queries on information schema
https://notcve.org/view.php?id=CVE-2006-7232
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY. sql_select.cc en MySQL 5.0.x anterior a 5.0.32 y 5.1.x anterior a 5.1.14 permite a usuarios autenticados remotamente provocar una denegación de servicio (caída) mediante un EXPLAIN SELECT FROM en la tabla INFORMATION_SCHEMA como se ha demostrado utilizando ORDER BY. • http://bugs.mysql.com/bug.php?id=22413 http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-32.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-14.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/29443 http://secunia.com/advisories/30351 http://secunia.com/advisories/31687 http://www.redhat.com/support/errata/RHSA-2008-0364.html http://www.securityfocus.com/bid/28351 http://www. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 1CVE-2006-4380
https://notcve.org/view.php?id=CVE-2006-4380
MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. MySQL anterior a 4.1.13 permite a un usuario local provocar denegación de servicio (caida de esclavo de replicación persistente)a través de una consulta con multiacutalizaciones y subselecciones. • http://bugs.mysql.com/10442 http://lists.mysql.com/internals/26123 http://secunia.com/advisories/21712 http://secunia.com/advisories/21762 http://securitytracker.com/id?1016790 http://www.debian.org/security/2006/dsa-1169 http://www.mandriva.com/security/advisories?name=MDKSA-2006:158 http://www.securityfocus.com/bid/19794 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10686 https://access.redhat.com/security/cve/CVE-2006-4380 https:/&#x •
CVSS: 3.6EPSS: 0%CPEs: 95EXPL: 3CVE-2006-4226 – mysql-server create database privilege escalation
https://notcve.org/view.php?id=CVE-2006-4226
MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. MySQL anteriores a 4.1.21, 5.0 anterior a 5.0.25, y 5.1 anteriores a 5.1.12, cuando se ejecutan en sistemas de fichero sensibles al uso de mayúsculas o minúscular, permite a usuarios autenticados remotamente crear o acceder a una base de datos cuando el nombre de la base de datos difiere sólo en el uso de mayúsculas y minúsculas de una base de datos para la cual tienen permisos. • http://bugs.mysql.com/bug.php?id=17647 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.mysql.com/commits/5927 http://secunia.com/advisories/21506 http://secunia.com/advisories/21627 http://secunia.com/advisories/21762 http://secunia.com/advisories/22080 http://secunia.com/advisories/24479 http://secunia.com/advi •
CVSS: 6.5EPSS: 8%CPEs: 12EXPL: 3CVE-2006-4227 – MySQL 4/5 - SUID Routine Miscalculation Arbitrary DML Statement Execution
https://notcve.org/view.php?id=CVE-2006-4227
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE. MySQL anterior a 5.0.25 y 5.1 anterior a 5.1.12 evalúa los argumentos de rutinas suid en el contexto de seguridad del creador de la rutina en lugar del de aquel que llama a la rutina, lo que permite a usuarios autenticados remotamente escalar privilegios a través de una rutina que ha sido puesta a su disposición utilizando GRANT EXECUTE. • https://www.exploit-db.com/exploits/28398 http://bugs.mysql.com/bug.php?id=18630 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html http://lists.mysql.com/commits/7918 http://secunia.com/advisories/21506 http://secunia.com/advisories/21770 http://secunia.com/advisories/22080 http://secunia.com/advisories/30351 http://securitytracker.com/id?1016709 http://www.novell.com/linux/security/advisories/2006_23_sr.html http://www.redhat.com/support/errata/ • CWE-20: Improper Input Validation •