CVE-2012-0882
https://notcve.org/view.php?id=CVE-2012-0882
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE. Desbordamiento de búfer en yaSSL, como se usa en MySQL v5.5.20 y posiblemente otras versiones incluidas v5.5.x antes de v5.5.22 y y 5.1.x antes de v5.1.62, permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, según lo demostrado por VulnDisco Paquete Profesional v9.17. • http://www.openwall.com/lists/oss-security/2012/02/24/2 https://blogs.oracle.com/sunsecurity/entry/cve_2012_0882buffer_overflow_vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=789141 https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-5026 – Oracle MySQL < 5.1.50 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-5026
The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments. La característica de comentarios ejecutables en MySQL v5.0.x antes de v5.0.93 y v5.1.x antes de v5.1.50, cuando se ejecuta con ciertas configuraciones de esclavos en la que el esclavo está ejecutando una versión más reciente que el maestro, permite a atacantes remotos ejecutar comandos SQL a través de comentarios personalizados. • https://www.exploit-db.com/exploits/34796 http://bugs.mysql.com/bug.php?id=49124 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html http://seclists.org/oss-sec/2011/q4/101 http://secunia.com/advisories/49179 https://bugzilla.redhat.com/show_bug.cgi?id=640177 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2012-2749 – mysql: crash caused by wrong calculation of key length for sort order index
https://notcve.org/view.php?id=CVE-2012-2749
MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index. MySQL v5.1.x antes de v5.1.63 y v5.5.x antes de v5.5.24 permite a usuarios remotos autenticados causar una denegación de servicio (por caída de mysqld) a través de vectores relacionados con un cálculo incorrecto y un índice de orden de clasificación. • http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html http://rhn.redhat.com/errata/RHSA-2012-1462.html http://rhn.redhat.com/errata/RHSA-2013-0180.html http://secunia.com/advisories/51309 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.securityfocus.com/bid/55120 https://bugzilla.redhat.com/show_bug.cgi?id=833737 https://access.redhat.com/se • CWE-399: Resource Management Errors •
CVE-2012-2102 – mysql: Server crash on HANDLER READ NEXT after DELETE
https://notcve.org/view.php?id=CVE-2012-2102
MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT. MySQL v5.1.x antes de v5.1.62 y v5.5.x antes de v5.5.22 permite a usuarios remotos autenticados provocar una denegación de servicio (error de aserción y parada no ordenada de mysqld) mediante la supresión de un registro y usando 'HANDLER READ NEXT'. • http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.openwall.com/lists/oss-security/2012/04/13/7 http://www.securityfocus.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-0583 – mysql: unspecified DoS vulnerability in MyISAM (Oracle CPU April 2012)
https://notcve.org/view.php?id=CVE-2012-0583
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL v5.1.60 y anteriores, y v5.5.19 y anteriores, que permite a usuarios remotos autenticados afectar la disponibilidad, relacionado con MyISAM. • http://secunia.com/advisories/48890 http://secunia.com/advisories/49179 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html http://www.securityfocus.com/bid/53061 http://www.securitytracker.com/id?1026934 https://access.redhat.com/security/cve/CVE-2012-0583 https://bugzilla.redhat.com/show_bug.cgi?id=814282 •