CVSS: 2.1EPSS: 0%CPEs: 34EXPL: 0CVE-2006-3486
https://notcve.org/view.php?id=CVE-2006-3486
Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability ** IMPUGNADA ** Desbordamiento de búfer por superación del límite en la función Instance_options::complete_initialization de instance_options.cc en el Instance Manager de MySQL antes de 5.0.23 y 5.1 antes de 5.1.12 podría permitir a usuarios locales provocar una denegación de servicio (caída de aplicación) mediante vectores sin especificar, lo que dispara el desbordamiento cuando se llama a la función convert_dirname. NOTA: el fabricante ha impugnado este problema por email a CVE, diciendo que solamente es explotable cuando el usuario tiene acceso al archivo de configuración o al demonio Instance Manager. Debido a su funcionalidad prevista, este nivel de acceso ya permitiría al usuario interrumpir la operación del programa, por lo cual esto no transpasa los límites de seguridad y no es una vulnerabilidad. • http://bugs.mysql.com/bug.php?id=20622 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-23.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-12.html http://www.vupen.com/english/advisories/2006/2700 https://exchange.xforce.ibmcloud.com/vulnerabilities/27635 • CWE-189: Numeric Errors •
CVSS: 4.0EPSS: 1%CPEs: 14EXPL: 2CVE-2006-3081 – MySQL Server 4/5 - Str_To_Date Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-3081
mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. mysqld en MySQL v4.1.x antes de v4.1.18, v5.0.x antes de v5.0.19, y v5.1.x antes de v5.1.6 permite causar una denegación de servicio (caída del demonio) a usuarios remotos autorizados a través de un segundo argumento nulo para la función STR_TO_DATE. • https://www.exploit-db.com/exploits/28026 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373913 http://bugs.mysql.com/bug.php?id=15828 http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://seclists.org/lists/fulldisclosure/2006/Jun/0434.html http://secunia.com/advisories/19929 http://secunia.com/advisories/20832 http://secunia.com/advisories/20871 http://secunia.com/advisories/24479 http:&#x •
CVSS: 7.5EPSS: 0%CPEs: 42EXPL: 0CVE-2006-2753
https://notcve.org/view.php?id=CVE-2006-2753
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369735 http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.mysql.com/announce/364 http://secunia.com/advisories/20365 http://secunia.com/advisories/20489 http://secunia.com/advisories/20531 http://secunia.com/advisories/20541 http://secunia.com/advisories/20562 http://secunia.com/advisories/20625 http://secunia.com/advisories/20712 http:&# •
CVSS: 5.0EPSS: 37%CPEs: 71EXPL: 0CVE-2006-1517
https://notcve.org/view.php?id=CVE-2006-1517
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365939 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html http://secunia.com/advisories/19929 http://secunia.com/advisories/20002 http://secunia.com/advisories/20073 http://secunia.com/advisories/20076 http://secun •
CVSS: 6.5EPSS: 17%CPEs: 22EXPL: 1CVE-2006-1518 – MySQL 5.0.20 - COM_TABLE_DUMP Memory Leak/Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-1518
Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values. • https://www.exploit-db.com/exploits/1741 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365939 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html http://secunia.com/advisories/19929 http://secunia.com/advisories/20241 http://secunia.com/advisories/20253 http://secunia.com/advisories/20333 http://secunia.com/advisories/20457 http://secunia.com/advisories/20762 http://securityreason.co •