CVSS: 1.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1502
https://notcve.org/view.php?id=CVE-2013-1502
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition. Vulnerabilidad sin especificar en Oracle MySQL 5.5.30 y anteriores y 5.6.9 y anteriores, permite a usuarios locales comprometer la disponibilidad a través de vectores relacionados con Server Partition. • http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html •
CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 0CVE-2013-1506 – mysql: unspecified DoS related to Server Locking (CPU April 2013)
https://notcve.org/view.php?id=CVE-2013-1506
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking. Vulnerabilidad sin especificar en Oracle MySQL 5.1.67 y anteriores, 5.6.10 y anteriores y 5.5.29 y anteriores, permite a usuarios autenticados remotamente comprometer la disponibilidad a través de vectores no especificados relacionados con Server Locking. • http://rhn.redhat.com/errata/RHSA-2013-0772.html http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html https://access.redhat.com/security/cve/CVE-2013-1506 https://bugzilla.redhat.com/show_bug.cgi?id=952899 •
CVSS: 5.0EPSS: 90%CPEs: 21EXPL: 2CVE-2013-1861 – MySQL / MariaDB - Geometry Query Denial of Service
https://notcve.org/view.php?id=CVE-2013-1861
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. MariaDB 5.5.x en versiones anteriores a 5.5.30, 5.3.x en versiones anteriores a 5.3.13, 5.2.x en versiones anteriores a 5.2.15 y 5.1.x en versiones anteriores a 5.1.68 y Oracle MySQL 5.1.69 y versiones anteriores, 5.5.31 y versiones anteriores y 5.6.11 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) a través de una funcionalidad de geometría manipulada que especifica un gran número de puntos, que no es apropiadamente manipulada cuando se procesa la representación binaria de esta funcionalidad, relacionado con un error de cálculo numérico. • https://www.exploit-db.com/exploits/38392 http://lists.askmonty.org/pipermail/commits/2013-March/004371.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html http://seclists.org/oss-sec/2013/q1/671 http://secunia.com/advisories/52639 http://secunia.com/a • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.0EPSS: 0%CPEs: 86EXPL: 2CVE-2008-7247
https://notcve.org/view.php?id=CVE-2008-7247
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. sql/sql_table.cc en MySQL v5.0.x hasta la v5.0.88, v5.1.x hasta la v5.1.41, y v6.0 anteriores a v6.0.9-alpha, cuando el directorio de datos "home" contiene un enlace simbólico a un sistema de ficheros diferente, permite a usuarios autenticados remotamente saltar las restricciones de acceso implementadas al invocar CREATE TABLE con un argumento (1) DATA DIRECTORY o (2) INDEX DIRECTORY referido a un subdirectorio que requiera el seguimiento de este enlace simbólico. • http://bugs.mysql.com/bug.php?id=39277 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.mysql.com/commits/59711 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://marc.info/?l=oss-security&m=125908040022018&w=2 http://secunia.com/advisories/38517 http://support.apple.com/kb/HT4077 http://ubuntu.com/usn/usn-897-1 http://w • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.0EPSS: 3%CPEs: 36EXPL: 2CVE-2009-0819 – MySQL 6.0.9 - XPath Expression Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0819
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. El archivo sql/item_xmlfunc.cc en MySQL versiones 5.1 anteriores a 5.1.32 y versiones 6.0 anteriores a 6.0.10, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo) por medio de "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," que desencadena un fallo de aserción. • https://www.exploit-db.com/exploits/32838 http://bugs.mysql.com/bug.php?id=42495 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html http://secunia.com/advisories/34115 http://www.securityfocus.com/bid/33972 http://www.securitytracker.com/id?1021786 http://www.vupen.com/english/advisories/2009/0594 https://exchange.xforce.ibmcloud.com/vulnerabilities/49050 https://oval.cisecurity.org/repository&# •