CVE-2013-1511
https://notcve.org/view.php?id=CVE-2013-1511
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Vulnerabilidad sin especificar en Oracle MySQL 5.5.30 y anteriores, y 5.6.10 y anteriores, permite a usuarios autenticados remotamente comprometer la disponibilidad a través de vectores no especificados relacionados con InnoDB. • http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html •
CVE-2013-1506 – mysql: unspecified DoS related to Server Locking (CPU April 2013)
https://notcve.org/view.php?id=CVE-2013-1506
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking. Vulnerabilidad sin especificar en Oracle MySQL 5.1.67 y anteriores, 5.6.10 y anteriores y 5.5.29 y anteriores, permite a usuarios autenticados remotamente comprometer la disponibilidad a través de vectores no especificados relacionados con Server Locking. • http://rhn.redhat.com/errata/RHSA-2013-0772.html http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html https://access.redhat.com/security/cve/CVE-2013-1506 https://bugzilla.redhat.com/show_bug.cgi?id=952899 •
CVE-2013-1502
https://notcve.org/view.php?id=CVE-2013-1502
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition. Vulnerabilidad sin especificar en Oracle MySQL 5.5.30 y anteriores y 5.6.9 y anteriores, permite a usuarios locales comprometer la disponibilidad a través de vectores relacionados con Server Partition. • http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html •
CVE-2013-1861 – MySQL / MariaDB - Geometry Query Denial of Service
https://notcve.org/view.php?id=CVE-2013-1861
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. MariaDB 5.5.x en versiones anteriores a 5.5.30, 5.3.x en versiones anteriores a 5.3.13, 5.2.x en versiones anteriores a 5.2.15 y 5.1.x en versiones anteriores a 5.1.68 y Oracle MySQL 5.1.69 y versiones anteriores, 5.5.31 y versiones anteriores y 5.6.11 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) a través de una funcionalidad de geometría manipulada que especifica un gran número de puntos, que no es apropiadamente manipulada cuando se procesa la representación binaria de esta funcionalidad, relacionado con un error de cálculo numérico. • https://www.exploit-db.com/exploits/38392 http://lists.askmonty.org/pipermail/commits/2013-March/004371.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html http://seclists.org/oss-sec/2013/q1/671 http://secunia.com/advisories/52639 http://secunia.com/a • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-2122 – MySQL - Authentication Bypass
https://notcve.org/view.php?id=CVE-2012-2122
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. sql/password.c en Oracle MySQL 5.1.x anterior a 5.1.63, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.6, y MariaDB 5.1.x anterior a 5.1.62, 5.2.x anterior a 5.2.12, 5.3.x anterior a 5.3.6, y 5.5.x anterior a 5.5.23, cuando se ejecuta en determinados entornos con determinadas implementaciones de la función memcmp, permite que atacantes remotos eviten la autenticación utilizando repetidamente la misma contraseña incorrecta, lo que eventualmente provoca una comparación de token con resultado de éxito en una variable de retorno no validada • https://www.exploit-db.com/exploits/19092 https://github.com/zhangkaibin0921/CVE-2012-2122 https://github.com/Avinza/CVE-2012-2122-scanner https://github.com/cyberharsh/Oracle-mysql-CVE-2012-2122 http://bugs.mysql.com/bug.php?id=64884 http://kb.askmonty.org/en/mariadb-5162-release-notes http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html http://seclists.org/oss-sec/2012/q2/493 http://secunia.com/advisories/49417 http://secunia.com/advisories/53372 • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •