CVE-2012-5096
https://notcve.org/view.php?id=CVE-2012-5096
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors. Vulnerabilidad no especificada en el componente Servidor de Oracle MySQL v5.5.28 y anteriores permite a usuarios remotos autenticados con los privilegios en el servidor afectar a la disponibilidad a través de vectores desconocidos. • http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.ubuntu.com/usn/USN-1703-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16877 •
CVE-2013-0384 – mysql: unspecified DoS vulnerability related to Information Schema (CPU Jan 2013)
https://notcve.org/view.php?id=CVE-2013-0384
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema. Una vulnerabilidad no especificada en el componente Servidor de Oracle MySQL v5.1.66 y anteriores y v5.5.28 y anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con los esquemas de información. • http://rhn.redhat.com/errata/RHSA-2013-0219.html http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.ubuntu.com/usn/USN-1703-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16632 https://access.redhat.com/security/cve/CVE-2013-0384 https://bugzilla.redhat.com& •
CVE-2013-0371
https://notcve.org/view.php?id=CVE-2013-0371
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM. Una vulnerabilidad no especificada en el componente Servidor de Oracle MySQL v5.5.28 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad. Se trata de un problema relacionado con MyISAM. • http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.ubuntu.com/usn/USN-1703-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16451 •
CVE-2012-5614 – MySQL - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2012-5614
Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements. MySQL v5.5.19 y posiblemente otras versiones, y MariaDB v5.5.28a y posiblemente otras versiones, permiten a usuarios remotos autenticados provocar una denegación de servicio (caída de mysqld) a través de un comando SELECT con un comando updateXML que contiene XML con un gran número de elementos anidados "unique". Oracle MySQL version 5.5.19-log on SuSE Linux suffers from a denial of service vulnerability. • https://www.exploit-db.com/exploits/23078 http://rhn.redhat.com/errata/RHSA-2013-0772.html http://seclists.org/fulldisclosure/2012/Dec/7 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.openwall.com/lists/oss-security/2012/12/02/3 http://www.openwall.com/lists/oss-security/2012/12/02/4 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555. •
CVE-2012-5612 – MySQL (Linux) - Heap Overrun (PoC)
https://notcve.org/view.php?id=CVE-2012-5612
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands. El desbordamiento de búfer en la región heap de la memoria en MySQL versión 5.5.19 y otras versiones hasta 5.5.28, y MariaDB versión 5.5.28a y posiblemente otras versiones, de Oracle, permite a los usuarios remotos autenticados causar una denegación de servicio (corrupción de memoria y bloqueo) y posiblemente ejecutar código arbitrario, como es demostrado utilizando ciertas variaciones de los comandos (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE y (12) SET PASSWORD. Oracle MySQL on Linux suffers from a heap overrun vulnerability. • https://www.exploit-db.com/exploits/23076 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html http://seclists.org/fulldisclosure/2012/Dec/5 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.exploit-db.com/exploits/23076 http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.openwall.com/lists/oss-security/2012/12/02/3 ht • CWE-787: Out-of-bounds Write •