Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
224 vulnerabilities by mysql
VAR-200801-0204
Vulnerability from variot - Updated: 2024-07-23 19:25Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. yaSSL is prone to multiple remote buffer-overflow vulnerabilities. Failed attacks will cause denial-of-service conditions. yaSSL 1.7.5 is vulnerable to these issues; other versions are also likely to be affected. # MySQL yaSSL SSL Hello Message Buffer Overflow 1. Vulnerability introduction and analysis yaSSL is an open source software package used to implement SSL. There are multiple remote overflow and invalid memory access issues in the yaSSL implementation, and remote attackers may take advantage of this vulnerability to control the server. The yaSSL (1.7.5 and earlier) implementation to Stack Buffer Overflow is bundled with MySQL <= 6.0. Code analysis: The buffer structure used to contain the data in the Hello message received by the client is as follows (from yassl_imp.hpp): class ClientHello : public HandShakeBase { ProtocolVersion client_version_; Random random_; uint8 id_len_; // session id length opaque session_id_[ID_LEN]; uint16 suite_len_; // cipher suite length opaque cipher_suites_[MAX_SUITE_SZ]; uint8 comp_len_; // compression length CompressionMethod compression_methods_; ... Here ID_LEN length is 32 units, MAX_SUITE_SZ is 64, RAN_LEN (RANd_LEN) 32. If an old version of the Hello message is received, the called ProcessOldClientHello function does not perform the necessary checks to limit the amount of data filling the above three fields, resulting in a buffer overflow vulnerability. The following is the vulnerable code in handshake.cpp: void ProcessOldClientHello(input_buffer& input, SSL& ssl) ... ClientHello ch; ... for (uint16 i = 0; i < ch.
Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under certain conditions, prevent two databases from using the same paths for data or index files. This could allow an authenticated user with appropriate privilege to create tables in one database to read and manipulate data in tables later created in other databases, regardless of GRANT privileges (CVE-2008-2079).
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0227 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079
Updated Packages:
Mandriva Linux 2007.1: 56e59e5a7413ca900767afa20480fff5 2007.1/i586/libmysql15-5.0.45-8.2mdv2007.1.i586.rpm c11348f9b60a3fb153cf07a7b2e22502 2007.1/i586/libmysql-devel-5.0.45-8.2mdv2007.1.i586.rpm a60fca42161427ed528a6a1fd58c61e3 2007.1/i586/libmysql-static-devel-5.0.45-8.2mdv2007.1.i586.rpm a6c4108497edb6cd0d7f723ca5f81c1f 2007.1/i586/mysql-5.0.45-8.2mdv2007.1.i586.rpm 62b091bfed614ed2be0e9f1dabc00e6e 2007.1/i586/mysql-bench-5.0.45-8.2mdv2007.1.i586.rpm 65c4cbcbaa11ad0fd5521ff9821a0e71 2007.1/i586/mysql-client-5.0.45-8.2mdv2007.1.i586.rpm 6cafb4fc0190c3d8c301737cc1b2d584 2007.1/i586/mysql-common-5.0.45-8.2mdv2007.1.i586.rpm ab7ff6bc5ed1e3add97e87eadffdf7d0 2007.1/i586/mysql-max-5.0.45-8.2mdv2007.1.i586.rpm 0c0d3817061fed8a9495b976e9aad4f6 2007.1/i586/mysql-ndb-extra-5.0.45-8.2mdv2007.1.i586.rpm e180f9184b397c76f121fa2cbcc249ee 2007.1/i586/mysql-ndb-management-5.0.45-8.2mdv2007.1.i586.rpm 11f6b6b340ec050489117a31ba1ada7b 2007.1/i586/mysql-ndb-storage-5.0.45-8.2mdv2007.1.i586.rpm 27d5c830d808a9198b5a3234ab635c31 2007.1/i586/mysql-ndb-tools-5.0.45-8.2mdv2007.1.i586.rpm 0b18a06428b4c5351ea19433a18ba44b 2007.1/SRPMS/mysql-5.0.45-8.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: 861ae8a12d105c0537345f4b1b6364a6 2007.1/x86_64/lib64mysql15-5.0.45-8.2mdv2007.1.x86_64.rpm 74995c774432f4acacf682d14b738bae 2007.1/x86_64/lib64mysql-devel-5.0.45-8.2mdv2007.1.x86_64.rpm 5453d884b0edf40606bd78e62aef8101 2007.1/x86_64/lib64mysql-static-devel-5.0.45-8.2mdv2007.1.x86_64.rpm ef7ab96c6a492dad1a5f1463eaf5568b 2007.1/x86_64/mysql-5.0.45-8.2mdv2007.1.x86_64.rpm e6527ea8482a7928095a2d1d24953ad6 2007.1/x86_64/mysql-bench-5.0.45-8.2mdv2007.1.x86_64.rpm 896ed2418af55577669d67b2b110fded 2007.1/x86_64/mysql-client-5.0.45-8.2mdv2007.1.x86_64.rpm 9cfc765f29d39220862dd8b38a7baddb 2007.1/x86_64/mysql-common-5.0.45-8.2mdv2007.1.x86_64.rpm f738941dbf2fb982e5f91ad1f5b8dd99 2007.1/x86_64/mysql-max-5.0.45-8.2mdv2007.1.x86_64.rpm 604b3cda2222cc031819c1a76f64974e 2007.1/x86_64/mysql-ndb-extra-5.0.45-8.2mdv2007.1.x86_64.rpm 944f87e17f3a30a41392b57005b3866d 2007.1/x86_64/mysql-ndb-management-5.0.45-8.2mdv2007.1.x86_64.rpm abe714a023e8019dc2379f38a10287c6 2007.1/x86_64/mysql-ndb-storage-5.0.45-8.2mdv2007.1.x86_64.rpm 60585f5c00ea687c710da9bf8dc620b0 2007.1/x86_64/mysql-ndb-tools-5.0.45-8.2mdv2007.1.x86_64.rpm 0b18a06428b4c5351ea19433a18ba44b 2007.1/SRPMS/mysql-5.0.45-8.2mdv2007.1.src.rpm
Mandriva Linux 2008.0: 32915a44b313f9752d53864929acacef 2008.0/i586/libmysql15-5.0.45-8.2mdv2008.0.i586.rpm 886f68f93c90d168f0f376f2bdf19dfe 2008.0/i586/libmysql-devel-5.0.45-8.2mdv2008.0.i586.rpm 05d52109e0e751d6ecb330361f0c49b1 2008.0/i586/libmysql-static-devel-5.0.45-8.2mdv2008.0.i586.rpm c2d269602985c48dbfaa56edbb2089a5 2008.0/i586/mysql-5.0.45-8.2mdv2008.0.i586.rpm fe5a49a0dbcf5b5b862fa15c697ec734 2008.0/i586/mysql-bench-5.0.45-8.2mdv2008.0.i586.rpm 5d9e574e07b13db1e98ac5084ef24c52 2008.0/i586/mysql-client-5.0.45-8.2mdv2008.0.i586.rpm c3a73f6ba9467995e4eeeb2994987e8c 2008.0/i586/mysql-common-5.0.45-8.2mdv2008.0.i586.rpm faca35a011bd9e95c3aded56c498efe7 2008.0/i586/mysql-max-5.0.45-8.2mdv2008.0.i586.rpm ae5bece63ecfacd37582c68288e146a6 2008.0/i586/mysql-ndb-extra-5.0.45-8.2mdv2008.0.i586.rpm 6948d8799ff1e8e9ae3908dcfdfafc2a 2008.0/i586/mysql-ndb-management-5.0.45-8.2mdv2008.0.i586.rpm 11566a84793e2eb8b2e55fe28d89b918 2008.0/i586/mysql-ndb-storage-5.0.45-8.2mdv2008.0.i586.rpm 7e8e44013f0de7b0cd2c527da9202985 2008.0/i586/mysql-ndb-tools-5.0.45-8.2mdv2008.0.i586.rpm af4075fd835e0372f1f6745f2f6f2d24 2008.0/SRPMS/mysql-5.0.45-8.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: c3683e4b578bcf573913d2c8ea3bcc64 2008.0/x86_64/lib64mysql15-5.0.45-8.2mdv2008.0.x86_64.rpm a15bc584715bfa86221d021a45610701 2008.0/x86_64/lib64mysql-devel-5.0.45-8.2mdv2008.0.x86_64.rpm 7037c5117e10169e7f0d862cb3916a7d 2008.0/x86_64/lib64mysql-static-devel-5.0.45-8.2mdv2008.0.x86_64.rpm 624b99283d71f7fc372029d188b0d68e 2008.0/x86_64/mysql-5.0.45-8.2mdv2008.0.x86_64.rpm 3efcb2ad37ae4d91f5915548fcebb0fc 2008.0/x86_64/mysql-bench-5.0.45-8.2mdv2008.0.x86_64.rpm 69b7b8e85e21c015d1db4822885f9e70 2008.0/x86_64/mysql-client-5.0.45-8.2mdv2008.0.x86_64.rpm cd9cc2fd720dedef518fed7f6dbcd851 2008.0/x86_64/mysql-common-5.0.45-8.2mdv2008.0.x86_64.rpm dc1da6c335fdbe30762c3bdc8431de71 2008.0/x86_64/mysql-max-5.0.45-8.2mdv2008.0.x86_64.rpm 065d9a2c3515567c0d11a45a44b2b902 2008.0/x86_64/mysql-ndb-extra-5.0.45-8.2mdv2008.0.x86_64.rpm 8fb80d3e1b683af128b77d1ab9e6ad06 2008.0/x86_64/mysql-ndb-management-5.0.45-8.2mdv2008.0.x86_64.rpm 9e4a50fcfb351876e1294bcc113a9d01 2008.0/x86_64/mysql-ndb-storage-5.0.45-8.2mdv2008.0.x86_64.rpm 0788ada6ccdddb7db76ebcf3efbe8e0b 2008.0/x86_64/mysql-ndb-tools-5.0.45-8.2mdv2008.0.x86_64.rpm af4075fd835e0372f1f6745f2f6f2d24 2008.0/SRPMS/mysql-5.0.45-8.2mdv2008.0.src.rpm
Corporate 4.0: 08c68b948479e0609200d3a75fa1e6f8 corporate/4.0/i586/libmysql15-5.0.45-7.2.20060mlcs4.i586.rpm 9559df7a4dd7a7a5cd2f3350d0aaf644 corporate/4.0/i586/libmysql-devel-5.0.45-7.2.20060mlcs4.i586.rpm 7c6b41f3e966a9533fe2e508099e9ac3 corporate/4.0/i586/libmysql-static-devel-5.0.45-7.2.20060mlcs4.i586.rpm 83fc3360f5f3d5e4612e8b2dcccb9d86 corporate/4.0/i586/mysql-5.0.45-7.2.20060mlcs4.i586.rpm 119770dc70f1dec99770b89569d5f244 corporate/4.0/i586/mysql-bench-5.0.45-7.2.20060mlcs4.i586.rpm eaba4a0339945fe1e6f3b2197d43dc6d corporate/4.0/i586/mysql-client-5.0.45-7.2.20060mlcs4.i586.rpm 9d19c37b04c4db67c135ecd277b48d55 corporate/4.0/i586/mysql-common-5.0.45-7.2.20060mlcs4.i586.rpm 29ce0477fee72dd9f76665b7ab3d3733 corporate/4.0/i586/mysql-max-5.0.45-7.2.20060mlcs4.i586.rpm 76ef2d6cedff1526cea6e5391e53bd0b corporate/4.0/i586/mysql-ndb-extra-5.0.45-7.2.20060mlcs4.i586.rpm efd3de6baa6c09f0926e1d71fdcbb7d2 corporate/4.0/i586/mysql-ndb-management-5.0.45-7.2.20060mlcs4.i586.rpm 58acbcf9bd22ae8b686f270959a24d9a corporate/4.0/i586/mysql-ndb-storage-5.0.45-7.2.20060mlcs4.i586.rpm 0679c750bc5dd1f0ad9c26513c9d5a1f corporate/4.0/i586/mysql-ndb-tools-5.0.45-7.2.20060mlcs4.i586.rpm a2744801fe9ed017d4cfb3b40d7dcc42 corporate/4.0/SRPMS/mysql-5.0.45-7.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 1540c030207321b12c1dbf6518b259ea corporate/4.0/x86_64/lib64mysql15-5.0.45-7.2.20060mlcs4.x86_64.rpm b8a1daf95d7212f43635d06e709c3318 corporate/4.0/x86_64/lib64mysql-devel-5.0.45-7.2.20060mlcs4.x86_64.rpm 11ff72e78bca0c13e2bbe1d3eba69b6f corporate/4.0/x86_64/lib64mysql-static-devel-5.0.45-7.2.20060mlcs4.x86_64.rpm ec357bc74168b72e716ee47fdc8953ef corporate/4.0/x86_64/mysql-5.0.45-7.2.20060mlcs4.x86_64.rpm 2d4a49b5b2ef6be7f180c37bf6848502 corporate/4.0/x86_64/mysql-bench-5.0.45-7.2.20060mlcs4.x86_64.rpm 5acf56e4dc62af041eeeff90ad32ddbf corporate/4.0/x86_64/mysql-client-5.0.45-7.2.20060mlcs4.x86_64.rpm eadd8f9b5afdadc1e67ab76e63c5ede6 corporate/4.0/x86_64/mysql-common-5.0.45-7.2.20060mlcs4.x86_64.rpm 233bd234e9c9ce5922b9655a6fdd72ce corporate/4.0/x86_64/mysql-max-5.0.45-7.2.20060mlcs4.x86_64.rpm 97494344056c6e4f8340eaf0036ac97f corporate/4.0/x86_64/mysql-ndb-extra-5.0.45-7.2.20060mlcs4.x86_64.rpm ca70ce3ed5c592ec41151b1c6f1d43d8 corporate/4.0/x86_64/mysql-ndb-management-5.0.45-7.2.20060mlcs4.x86_64.rpm 379dab3d7aecfba0b93d5e5691d742db corporate/4.0/x86_64/mysql-ndb-storage-5.0.45-7.2.20060mlcs4.x86_64.rpm e0e9ca0dc122c8657aada9a9db758ca1 corporate/4.0/x86_64/mysql-ndb-tools-5.0.45-7.2.20060mlcs4.x86_64.rpm a2744801fe9ed017d4cfb3b40d7dcc42 corporate/4.0/SRPMS/mysql-5.0.45-7.2.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIgkXmmqjQ0CJFipgRAkLWAKClwPBbIW2SXkcexkEJjW79kexPLQCfRirO wV2/ikre4rdv7NLrZRgofos= =qdV+ -----END PGP SIGNATURE----- .
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID: SA15895
VERIFY ADVISORY: http://secunia.com/advisories/15895/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Nucleus 3.x http://secunia.com/product/3699/
DESCRIPTION: A vulnerability has been reported in Nucleus, which can be exploited by malicious people to compromise a vulnerable system. http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. =========================================================== Ubuntu Security Notice USN-588-2 April 02, 2008 mysql-dfsg-5.0 regression https://launchpad.net/bugs/209699 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: mysql-server-5.0 5.0.22-0ubuntu6.06.9
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
USN-588-1 fixed vulnerabilities in MySQL. In fixing CVE-2007-2692 for Ubuntu 6.06, additional improvements were made to make privilege checks more restictive. As a result, an upstream bug was exposed which could cause operations on tables or views in a different database to fail. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Masaaki Hirose discovered that MySQL could be made to dereference a NULL pointer. An authenticated user could cause a denial of service (application crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table. This issue only affects Ubuntu 6.06 and 6.10. (CVE-2006-7232)
Alexander Nozdrin discovered that MySQL did not restore database access privileges when returning from SQL SECURITY INVOKER stored routines. An authenticated user could exploit this to gain privileges. This issue does not affect Ubuntu 7.10. (CVE-2007-2692)
Martin Friebe discovered that MySQL did not properly update the DEFINER value of an altered view. An authenticated user could use CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW statements to gain privileges. (CVE-2007-6303)
Luigi Auriemma discovered that yaSSL as included in MySQL did not properly validate its input. This issue did not affect Ubuntu 6.06 in the default installation. (CVE-2008-0226, CVE-2008-0227)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.9.diff.gz
Size/MD5: 155085 f8c7ef90adb69cf67cc6366612b63d48
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.9.dsc
Size/MD5: 1114 d305551acc1c106afc8fcea708bf7748
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22.orig.tar.gz
Size/MD5: 18446645 2b8f36364373461190126817ec872031
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.22-0ubuntu6.06.9_all.deb
Size/MD5: 38560 ba617aed9cc0de2b3ab0bb27e4b73208
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.22-0ubuntu6.06.9_all.deb
Size/MD5: 41108 c5723e8875ec8ec61bc3e35d279b0785
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.22-0ubuntu6.06.9_all.deb
Size/MD5: 38564 4c87c774aa76333f9b6ce71be03abd9e
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_amd64.deb
Size/MD5: 6727828 250a0dc849c954205639795ead8c913c
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_amd64.deb
Size/MD5: 1423476 81fa43f4bcdaa9721311dd9cd7977713
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_amd64.deb
Size/MD5: 6897250 ee100a247642429c58c20cf501da925d
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_amd64.deb
Size/MD5: 22493122 6c8dc59d6b0f8885bdc08e72f7aef6b6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_i386.deb
Size/MD5: 6141858 992e52adad73209d80bab70f7fb22d46
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_i386.deb
Size/MD5: 1383980 fcbf70966d6875c053e30e153b610991
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_i386.deb
Size/MD5: 6279892 cb5107c59d51513dc3b7d89ef64c2de1
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_i386.deb
Size/MD5: 21351224 84fe07a8a90d1d7bdefcdfa8bf34bc55
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_powerpc.deb
Size/MD5: 6885504 86e9ad51262265b596bf490ce3c46a2d
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_powerpc.deb
Size/MD5: 1463828 6a87ebba2667b07ca253b7bc3772d91e
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_powerpc.deb
Size/MD5: 6943956 f8630ffc208f766da49a1628076830b6
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_powerpc.deb
Size/MD5: 22706410 6e44a8947af147ac14a15fdd66e80bfd
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_sparc.deb
Size/MD5: 6433916 dea5c30c9bc61cf362cfbb7cb692a280
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_sparc.deb
Size/MD5: 1435924 5da529e0936388dc5584deb4155ba390
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_sparc.deb
Size/MD5: 6538958 4e658a8fca75f30eeafbfff2a2bffa9c
http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_sparc.deb
Size/MD5: 21972902 4d273677401e7896b4e65d8fc9996ce5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-1478-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff January 28, 2008 http://www.debian.org/security/faq
Package : mysql-dfsg-5.0 Vulnerability : buffer overflows Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-0226 CVE-2008-0227
Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL implementation included in the MySQL database package, which could lead to denial of service and possibly the execution of arbitrary code.
For the unstable distribution (sid), these problems have been fixed in version 5.0.51-3.
For the stable distribution (etch), these problems have been fixed in version 5.0.32-7etch5.
The old stable distribution (sarge) doesn't contain mysql-dfsg-5.0.
We recommend that you upgrade your mysql-dfsg-5.0 package.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian 4.0 (stable)
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz Size/MD5 checksum: 16439441 f99df050b0b847adf7702b44e79ac877 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch5.diff.gz Size/MD5 checksum: 165895 05351b7ac0547d3666828c7eba89ee18 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch5.dsc Size/MD5 checksum: 1117 7d6a184cf5bda53d18be88728a0635c4
Architecture independent packages:
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch5_all.deb Size/MD5 checksum: 45636 c2d87b9755088b3a67851dc4867a67f8 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch5_all.deb Size/MD5 checksum: 47716 5c9311fc2072be8336424c648497303e http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch5_all.deb Size/MD5 checksum: 53944 3a16dd0a2c795cf7e906c648844a9779
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_alpha.deb Size/MD5 checksum: 8912752 826f18c201582262ee622ed9e470a915 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_alpha.deb Size/MD5 checksum: 1950712 47215338ef678adf7ca6f80d9d60613e http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_alpha.deb Size/MD5 checksum: 8407802 e6e87a2edaf5f0405473fb3f5c859b3f http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_alpha.deb Size/MD5 checksum: 27365718 f83e12f0f36c31b4dbd64ab7b1b6f01d http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_alpha.deb Size/MD5 checksum: 47748 91489bb86084a9f6026c6156a4a5faa0
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_amd64.deb Size/MD5 checksum: 7376450 ba1c75fa6963352a0af68c4db08d0c12 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_amd64.deb Size/MD5 checksum: 47708 4a3047795b3030063a47c969cfe4c324 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_amd64.deb Size/MD5 checksum: 1830910 c24fc179d4fb37994b5af2cb8c405ff1 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_amd64.deb Size/MD5 checksum: 25939846 8b0e047de274ed90f69a76f22866561a http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_amd64.deb Size/MD5 checksum: 7547346 003c7231b81203a50ec563ff5142a010
arm architecture (ARM)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_arm.deb Size/MD5 checksum: 47756 0145e1aa5ec02b5c60c2d78bbcd334a0 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_arm.deb Size/MD5 checksum: 25345622 2de813c86f1d10fb2df34d8b9de2336e http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_arm.deb Size/MD5 checksum: 6929754 8a6b3351769b567a468bc7dcb97a2141 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_arm.deb Size/MD5 checksum: 7204866 a8f69933d8081e753b76402e47e7a64a http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_arm.deb Size/MD5 checksum: 1747880 8da665b5f04444dcde03321f24ca8e4b
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_hppa.deb Size/MD5 checksum: 1920486 cb9a2e86902dc3f174926fbd8397a969 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_hppa.deb Size/MD5 checksum: 8046116 1eb6b1199a2c0f6a8502008a2c6df376 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_hppa.deb Size/MD5 checksum: 27055710 085b261bf2ec3820e21ec73bb59f6caa http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_hppa.deb Size/MD5 checksum: 47708 c17ca051ebe8783fa120c4596e32d9c2 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_hppa.deb Size/MD5 checksum: 8003914 59650ba346b2af0d77afbac64e93cca8
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_i386.deb Size/MD5 checksum: 25370152 d615311235c5a9e6d85e7e77b4927d5d http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_i386.deb Size/MD5 checksum: 47746 1040540bc74e34b67d9606a4368162a7 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_i386.deb Size/MD5 checksum: 6971870 90aae8d289cb3df24009c65b1af3b12d http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_i386.deb Size/MD5 checksum: 7189880 6082aa213539a361cced40044161d108 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_i386.deb Size/MD5 checksum: 1793974 ab7cbdd14a9bff04066a865634ef1ce2
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_ia64.deb Size/MD5 checksum: 9736902 1e93082931f1055cd4c1436caa0020f3 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_ia64.deb Size/MD5 checksum: 47710 3369d882bf2b99a05397aaeddf8bf864 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_ia64.deb Size/MD5 checksum: 2115340 472e412113e7ae0bb76853cf0167cd57 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_ia64.deb Size/MD5 checksum: 30408810 8c8982aae5e90c451b08f22bc2a5399d http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_ia64.deb Size/MD5 checksum: 10341648 a5ef1b86109c465131ccfe5a9147bd74
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_mips.deb Size/MD5 checksum: 7655576 b92c42fbbd64a377fcc4277a1696ccdd http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_mips.deb Size/MD5 checksum: 1835994 2650808f606406336f55b31497bea015 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_mips.deb Size/MD5 checksum: 7749018 db3eb1fb41084f7cda145ecc1f808402 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_mips.deb Size/MD5 checksum: 47710 698fd659ef265c937dd045cfb2e9e28a http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_mips.deb Size/MD5 checksum: 26338840 89c569b544aeb60ce6aae1c77d40965e
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_mipsel.deb Size/MD5 checksum: 1789510 2501eed6aaa7143a89f13e4bd9658ecf http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_mipsel.deb Size/MD5 checksum: 47718 ed3dc0fc53b78b2307dc4790ff82a174 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_mipsel.deb Size/MD5 checksum: 7640356 5417137e8b9632964ea0d67e8cd96416 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_mipsel.deb Size/MD5 checksum: 25845474 d379d4a5f900202d6244858d379aa46a http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_mipsel.deb Size/MD5 checksum: 7561164 31fa1242af6a762a92486aa327469d1f
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_powerpc.deb Size/MD5 checksum: 1832312 c6ab2b2c70aed56a7748eb0a5dd04c8c http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_powerpc.deb Size/MD5 checksum: 7573184 f43fb3a11284830b745346775073f92d http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_powerpc.deb Size/MD5 checksum: 7511850 184e9e37e760f4bb3779385d134975db http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_powerpc.deb Size/MD5 checksum: 47708 a76913df77b9f358f88a66875dc13a46 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_powerpc.deb Size/MD5 checksum: 26164462 386da660c381925416238a51b0a847a4
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_s390.deb Size/MD5 checksum: 47714 7fa0b60bff0e106f6328b0b026566008 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_s390.deb Size/MD5 checksum: 26763646 544f49b13f6207c1a104dc9eef9e6dd9 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_s390.deb Size/MD5 checksum: 7413442 b70c6184c3b82ead175debdd569ab807 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_s390.deb Size/MD5 checksum: 7507380 f9cecc1ace4fd2455516986637490930 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_s390.deb Size/MD5 checksum: 1951732 d5eaad746a8db92889febd0da68f1ae5
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_sparc.deb Size/MD5 checksum: 7153228 566328488d67a3843b04689d76f0253d http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_sparc.deb Size/MD5 checksum: 47714 551a6f9a790b301d63c856ecab13be75 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_sparc.deb Size/MD5 checksum: 7013384 3915c6846d5ffce6e321b7e40006cb66 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_sparc.deb Size/MD5 checksum: 1797430 b0bd228090c8923d08c9b8ee84a1edb8 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_sparc.deb Size/MD5 checksum: 25425084 a9934459b8cde72354ffc463b2ec140f
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHnjjKXm3vHE4uyloRApi/AKCLKlM616TTchb0zEQ8K4cOCdgZhwCffa1J oQ57J3yhzeNDDwqXdxLvhxM= =6ogr -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200801-0204",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.2"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.4"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.46"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.11"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.12"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.16"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.42"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.14"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.40"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.15"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.22"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.23"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.44"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.1.5"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.36"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.15"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.10"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.52"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.10"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.1"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.58"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.7"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.66"
},
{
"model": "yassl",
"scope": "lte",
"trust": 1.0,
"vendor": "yassl",
"version": "1.7.5"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.17"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.20"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "7.04"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.5"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.20"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.3"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.45"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.62"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.06"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.18"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.44"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "5.0"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.4"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.60"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.51"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.28"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.8"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.25"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.66"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.3"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.56"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.48"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "7.10"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.16"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.10"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.6"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.9"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.32"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.64"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.13"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.0"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.17"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.41"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.50"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.38"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.19"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.21"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.60"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.54"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.34"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.2"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.36"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.4"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.26"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.1"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "mysql",
"version": "5.0.24"
},
{
"model": "mysql",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.56"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "drupal",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandriva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pear xml rpc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "phpxmlrpc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postnuke",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "serendipity",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wordpress",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "xoops",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "phpmyfaq",
"version": null
},
{
"model": "mysql",
"scope": "lt",
"trust": 0.8,
"vendor": "mysql ab",
"version": "5.1.23"
},
{
"model": "community server",
"scope": "lt",
"trust": 0.8,
"vendor": "mysql ab",
"version": "5.0.51a"
},
{
"model": "enterprise server",
"scope": "lt",
"trust": 0.8,
"vendor": "mysql ab",
"version": "5.0.50sp1a"
},
{
"model": "enterprise server",
"scope": "lt",
"trust": 0.8,
"vendor": "mysql ab",
"version": "5.0.54a"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.5"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.6,
"vendor": "mysql",
"version": "5.1.20"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.6,
"vendor": "mysql",
"version": "5.1.21"
},
{
"model": "yassl",
"scope": "eq",
"trust": 0.3,
"vendor": "yassl",
"version": "1.7.5"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "BID",
"id": "27140"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001045"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-154"
},
{
"db": "NVD",
"id": "CVE-2008-0226"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yassl:yassl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.7.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.44:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.60:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.62:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.50:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.36:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.56:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.0.66:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0226"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma\u203b aluigi@pivx.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-154"
}
],
"trust": 0.6
},
"cve": "CVE-2008-0226",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2008-0226",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-30351",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-0226",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#442845",
"trust": 0.8,
"value": "20.75"
},
{
"author": "CNNVD",
"id": "CNNVD-200801-154",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-30351",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2008-0226",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULHUB",
"id": "VHN-30351"
},
{
"db": "VULMON",
"id": "CVE-2008-0226"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001045"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-154"
},
{
"db": "NVD",
"id": "CVE-2008-0226"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) \"input_buffer\u0026 operator\u003e\u003e\" in yassl_imp.cpp. yaSSL is prone to multiple remote buffer-overflow vulnerabilities. Failed attacks will cause denial-of-service conditions. \nyaSSL 1.7.5 is vulnerable to these issues; other versions are also likely to be affected. # MySQL yaSSL SSL Hello Message Buffer Overflow 1. Vulnerability introduction and analysis yaSSL is an open source software package used to implement SSL. There are multiple remote overflow and invalid memory access issues in the yaSSL implementation, and remote attackers may take advantage of this vulnerability to control the server. The yaSSL (1.7.5 and earlier) implementation to Stack Buffer Overflow is bundled with MySQL \u003c= 6.0. Code analysis: The buffer structure used to contain the data in the Hello message received by the client is as follows (from yassl_imp.hpp): class ClientHello : public HandShakeBase { ProtocolVersion client_version_; Random random_; uint8 id_len_; // session id length opaque session_id_[ID_LEN]; uint16 suite_len_; // cipher suite length opaque cipher_suites_[MAX_SUITE_SZ]; uint8 comp_len_; // compression length CompressionMethod compression_methods_; ... Here ID_LEN length is 32 units, MAX_SUITE_SZ is 64, RAN_LEN (RANd_LEN) 32. If an old version of the Hello message is received, the called ProcessOldClientHello function does not perform the necessary checks to limit the amount of data filling the above three fields, resulting in a buffer overflow vulnerability. The following is the vulnerable code in handshake.cpp: void ProcessOldClientHello(input_buffer\u0026 input, SSL\u0026 ssl) ... ClientHello ch; ... for (uint16 i = 0; i \u003c ch. \n \n Sergei Golubchik found that MySQL did not properly validate optional\n data or index directory paths given in a CREATE TABLE statement; as\n well it would not, under certain conditions, prevent two databases\n from using the same paths for data or index files. This could allow\n an authenticated user with appropriate privilege to create tables in\n one database to read and manipulate data in tables later created in\n other databases, regardless of GRANT privileges (CVE-2008-2079). \n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0226\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0227\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.1:\n 56e59e5a7413ca900767afa20480fff5 2007.1/i586/libmysql15-5.0.45-8.2mdv2007.1.i586.rpm\n c11348f9b60a3fb153cf07a7b2e22502 2007.1/i586/libmysql-devel-5.0.45-8.2mdv2007.1.i586.rpm\n a60fca42161427ed528a6a1fd58c61e3 2007.1/i586/libmysql-static-devel-5.0.45-8.2mdv2007.1.i586.rpm\n a6c4108497edb6cd0d7f723ca5f81c1f 2007.1/i586/mysql-5.0.45-8.2mdv2007.1.i586.rpm\n 62b091bfed614ed2be0e9f1dabc00e6e 2007.1/i586/mysql-bench-5.0.45-8.2mdv2007.1.i586.rpm\n 65c4cbcbaa11ad0fd5521ff9821a0e71 2007.1/i586/mysql-client-5.0.45-8.2mdv2007.1.i586.rpm\n 6cafb4fc0190c3d8c301737cc1b2d584 2007.1/i586/mysql-common-5.0.45-8.2mdv2007.1.i586.rpm\n ab7ff6bc5ed1e3add97e87eadffdf7d0 2007.1/i586/mysql-max-5.0.45-8.2mdv2007.1.i586.rpm\n 0c0d3817061fed8a9495b976e9aad4f6 2007.1/i586/mysql-ndb-extra-5.0.45-8.2mdv2007.1.i586.rpm\n e180f9184b397c76f121fa2cbcc249ee 2007.1/i586/mysql-ndb-management-5.0.45-8.2mdv2007.1.i586.rpm\n 11f6b6b340ec050489117a31ba1ada7b 2007.1/i586/mysql-ndb-storage-5.0.45-8.2mdv2007.1.i586.rpm\n 27d5c830d808a9198b5a3234ab635c31 2007.1/i586/mysql-ndb-tools-5.0.45-8.2mdv2007.1.i586.rpm \n 0b18a06428b4c5351ea19433a18ba44b 2007.1/SRPMS/mysql-5.0.45-8.2mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 861ae8a12d105c0537345f4b1b6364a6 2007.1/x86_64/lib64mysql15-5.0.45-8.2mdv2007.1.x86_64.rpm\n 74995c774432f4acacf682d14b738bae 2007.1/x86_64/lib64mysql-devel-5.0.45-8.2mdv2007.1.x86_64.rpm\n 5453d884b0edf40606bd78e62aef8101 2007.1/x86_64/lib64mysql-static-devel-5.0.45-8.2mdv2007.1.x86_64.rpm\n ef7ab96c6a492dad1a5f1463eaf5568b 2007.1/x86_64/mysql-5.0.45-8.2mdv2007.1.x86_64.rpm\n e6527ea8482a7928095a2d1d24953ad6 2007.1/x86_64/mysql-bench-5.0.45-8.2mdv2007.1.x86_64.rpm\n 896ed2418af55577669d67b2b110fded 2007.1/x86_64/mysql-client-5.0.45-8.2mdv2007.1.x86_64.rpm\n 9cfc765f29d39220862dd8b38a7baddb 2007.1/x86_64/mysql-common-5.0.45-8.2mdv2007.1.x86_64.rpm\n f738941dbf2fb982e5f91ad1f5b8dd99 2007.1/x86_64/mysql-max-5.0.45-8.2mdv2007.1.x86_64.rpm\n 604b3cda2222cc031819c1a76f64974e 2007.1/x86_64/mysql-ndb-extra-5.0.45-8.2mdv2007.1.x86_64.rpm\n 944f87e17f3a30a41392b57005b3866d 2007.1/x86_64/mysql-ndb-management-5.0.45-8.2mdv2007.1.x86_64.rpm\n abe714a023e8019dc2379f38a10287c6 2007.1/x86_64/mysql-ndb-storage-5.0.45-8.2mdv2007.1.x86_64.rpm\n 60585f5c00ea687c710da9bf8dc620b0 2007.1/x86_64/mysql-ndb-tools-5.0.45-8.2mdv2007.1.x86_64.rpm \n 0b18a06428b4c5351ea19433a18ba44b 2007.1/SRPMS/mysql-5.0.45-8.2mdv2007.1.src.rpm\n\n Mandriva Linux 2008.0:\n 32915a44b313f9752d53864929acacef 2008.0/i586/libmysql15-5.0.45-8.2mdv2008.0.i586.rpm\n 886f68f93c90d168f0f376f2bdf19dfe 2008.0/i586/libmysql-devel-5.0.45-8.2mdv2008.0.i586.rpm\n 05d52109e0e751d6ecb330361f0c49b1 2008.0/i586/libmysql-static-devel-5.0.45-8.2mdv2008.0.i586.rpm\n c2d269602985c48dbfaa56edbb2089a5 2008.0/i586/mysql-5.0.45-8.2mdv2008.0.i586.rpm\n fe5a49a0dbcf5b5b862fa15c697ec734 2008.0/i586/mysql-bench-5.0.45-8.2mdv2008.0.i586.rpm\n 5d9e574e07b13db1e98ac5084ef24c52 2008.0/i586/mysql-client-5.0.45-8.2mdv2008.0.i586.rpm\n c3a73f6ba9467995e4eeeb2994987e8c 2008.0/i586/mysql-common-5.0.45-8.2mdv2008.0.i586.rpm\n faca35a011bd9e95c3aded56c498efe7 2008.0/i586/mysql-max-5.0.45-8.2mdv2008.0.i586.rpm\n ae5bece63ecfacd37582c68288e146a6 2008.0/i586/mysql-ndb-extra-5.0.45-8.2mdv2008.0.i586.rpm\n 6948d8799ff1e8e9ae3908dcfdfafc2a 2008.0/i586/mysql-ndb-management-5.0.45-8.2mdv2008.0.i586.rpm\n 11566a84793e2eb8b2e55fe28d89b918 2008.0/i586/mysql-ndb-storage-5.0.45-8.2mdv2008.0.i586.rpm\n 7e8e44013f0de7b0cd2c527da9202985 2008.0/i586/mysql-ndb-tools-5.0.45-8.2mdv2008.0.i586.rpm \n af4075fd835e0372f1f6745f2f6f2d24 2008.0/SRPMS/mysql-5.0.45-8.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n c3683e4b578bcf573913d2c8ea3bcc64 2008.0/x86_64/lib64mysql15-5.0.45-8.2mdv2008.0.x86_64.rpm\n a15bc584715bfa86221d021a45610701 2008.0/x86_64/lib64mysql-devel-5.0.45-8.2mdv2008.0.x86_64.rpm\n 7037c5117e10169e7f0d862cb3916a7d 2008.0/x86_64/lib64mysql-static-devel-5.0.45-8.2mdv2008.0.x86_64.rpm\n 624b99283d71f7fc372029d188b0d68e 2008.0/x86_64/mysql-5.0.45-8.2mdv2008.0.x86_64.rpm\n 3efcb2ad37ae4d91f5915548fcebb0fc 2008.0/x86_64/mysql-bench-5.0.45-8.2mdv2008.0.x86_64.rpm\n 69b7b8e85e21c015d1db4822885f9e70 2008.0/x86_64/mysql-client-5.0.45-8.2mdv2008.0.x86_64.rpm\n cd9cc2fd720dedef518fed7f6dbcd851 2008.0/x86_64/mysql-common-5.0.45-8.2mdv2008.0.x86_64.rpm\n dc1da6c335fdbe30762c3bdc8431de71 2008.0/x86_64/mysql-max-5.0.45-8.2mdv2008.0.x86_64.rpm\n 065d9a2c3515567c0d11a45a44b2b902 2008.0/x86_64/mysql-ndb-extra-5.0.45-8.2mdv2008.0.x86_64.rpm\n 8fb80d3e1b683af128b77d1ab9e6ad06 2008.0/x86_64/mysql-ndb-management-5.0.45-8.2mdv2008.0.x86_64.rpm\n 9e4a50fcfb351876e1294bcc113a9d01 2008.0/x86_64/mysql-ndb-storage-5.0.45-8.2mdv2008.0.x86_64.rpm\n 0788ada6ccdddb7db76ebcf3efbe8e0b 2008.0/x86_64/mysql-ndb-tools-5.0.45-8.2mdv2008.0.x86_64.rpm \n af4075fd835e0372f1f6745f2f6f2d24 2008.0/SRPMS/mysql-5.0.45-8.2mdv2008.0.src.rpm\n\n Corporate 4.0:\n 08c68b948479e0609200d3a75fa1e6f8 corporate/4.0/i586/libmysql15-5.0.45-7.2.20060mlcs4.i586.rpm\n 9559df7a4dd7a7a5cd2f3350d0aaf644 corporate/4.0/i586/libmysql-devel-5.0.45-7.2.20060mlcs4.i586.rpm\n 7c6b41f3e966a9533fe2e508099e9ac3 corporate/4.0/i586/libmysql-static-devel-5.0.45-7.2.20060mlcs4.i586.rpm\n 83fc3360f5f3d5e4612e8b2dcccb9d86 corporate/4.0/i586/mysql-5.0.45-7.2.20060mlcs4.i586.rpm\n 119770dc70f1dec99770b89569d5f244 corporate/4.0/i586/mysql-bench-5.0.45-7.2.20060mlcs4.i586.rpm\n eaba4a0339945fe1e6f3b2197d43dc6d corporate/4.0/i586/mysql-client-5.0.45-7.2.20060mlcs4.i586.rpm\n 9d19c37b04c4db67c135ecd277b48d55 corporate/4.0/i586/mysql-common-5.0.45-7.2.20060mlcs4.i586.rpm\n 29ce0477fee72dd9f76665b7ab3d3733 corporate/4.0/i586/mysql-max-5.0.45-7.2.20060mlcs4.i586.rpm\n 76ef2d6cedff1526cea6e5391e53bd0b corporate/4.0/i586/mysql-ndb-extra-5.0.45-7.2.20060mlcs4.i586.rpm\n efd3de6baa6c09f0926e1d71fdcbb7d2 corporate/4.0/i586/mysql-ndb-management-5.0.45-7.2.20060mlcs4.i586.rpm\n 58acbcf9bd22ae8b686f270959a24d9a corporate/4.0/i586/mysql-ndb-storage-5.0.45-7.2.20060mlcs4.i586.rpm\n 0679c750bc5dd1f0ad9c26513c9d5a1f corporate/4.0/i586/mysql-ndb-tools-5.0.45-7.2.20060mlcs4.i586.rpm \n a2744801fe9ed017d4cfb3b40d7dcc42 corporate/4.0/SRPMS/mysql-5.0.45-7.2.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 1540c030207321b12c1dbf6518b259ea corporate/4.0/x86_64/lib64mysql15-5.0.45-7.2.20060mlcs4.x86_64.rpm\n b8a1daf95d7212f43635d06e709c3318 corporate/4.0/x86_64/lib64mysql-devel-5.0.45-7.2.20060mlcs4.x86_64.rpm\n 11ff72e78bca0c13e2bbe1d3eba69b6f corporate/4.0/x86_64/lib64mysql-static-devel-5.0.45-7.2.20060mlcs4.x86_64.rpm\n ec357bc74168b72e716ee47fdc8953ef corporate/4.0/x86_64/mysql-5.0.45-7.2.20060mlcs4.x86_64.rpm\n 2d4a49b5b2ef6be7f180c37bf6848502 corporate/4.0/x86_64/mysql-bench-5.0.45-7.2.20060mlcs4.x86_64.rpm\n 5acf56e4dc62af041eeeff90ad32ddbf corporate/4.0/x86_64/mysql-client-5.0.45-7.2.20060mlcs4.x86_64.rpm\n eadd8f9b5afdadc1e67ab76e63c5ede6 corporate/4.0/x86_64/mysql-common-5.0.45-7.2.20060mlcs4.x86_64.rpm\n 233bd234e9c9ce5922b9655a6fdd72ce corporate/4.0/x86_64/mysql-max-5.0.45-7.2.20060mlcs4.x86_64.rpm\n 97494344056c6e4f8340eaf0036ac97f corporate/4.0/x86_64/mysql-ndb-extra-5.0.45-7.2.20060mlcs4.x86_64.rpm\n ca70ce3ed5c592ec41151b1c6f1d43d8 corporate/4.0/x86_64/mysql-ndb-management-5.0.45-7.2.20060mlcs4.x86_64.rpm\n 379dab3d7aecfba0b93d5e5691d742db corporate/4.0/x86_64/mysql-ndb-storage-5.0.45-7.2.20060mlcs4.x86_64.rpm\n e0e9ca0dc122c8657aada9a9db758ca1 corporate/4.0/x86_64/mysql-ndb-tools-5.0.45-7.2.20060mlcs4.x86_64.rpm \n a2744801fe9ed017d4cfb3b40d7dcc42 corporate/4.0/SRPMS/mysql-5.0.45-7.2.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFIgkXmmqjQ0CJFipgRAkLWAKClwPBbIW2SXkcexkEJjW79kexPLQCfRirO\nwV2/ikre4rdv7NLrZRgofos=\n=qdV+\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nNucleus XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15895\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15895/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nNucleus 3.x\nhttp://secunia.com/product/3699/\n\nDESCRIPTION:\nA vulnerability has been reported in Nucleus, which can be exploited\nby malicious people to compromise a vulnerable system. \nhttp://sourceforge.net/project/showfiles.php?group_id=66479\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. =========================================================== \nUbuntu Security Notice USN-588-2 April 02, 2008\nmysql-dfsg-5.0 regression\nhttps://launchpad.net/bugs/209699\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n mysql-server-5.0 5.0.22-0ubuntu6.06.9\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nUSN-588-1 fixed vulnerabilities in MySQL. In fixing CVE-2007-2692 for\nUbuntu 6.06, additional improvements were made to make privilege checks\nmore restictive. As a result, an upstream bug was exposed which could\ncause operations on tables or views in a different database to fail. This\nupdate fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Masaaki Hirose discovered that MySQL could be made to dereference\n a NULL pointer. An authenticated user could cause a denial of service\n (application crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA\n table. This issue only affects Ubuntu 6.06 and 6.10. (CVE-2006-7232)\n \n Alexander Nozdrin discovered that MySQL did not restore database access\n privileges when returning from SQL SECURITY INVOKER stored routines. An\n authenticated user could exploit this to gain privileges. This issue\n does not affect Ubuntu 7.10. (CVE-2007-2692)\n \n Martin Friebe discovered that MySQL did not properly update the DEFINER\n value of an altered view. An authenticated user could use CREATE SQL\n SECURITY DEFINER VIEW and ALTER VIEW statements to gain privileges. \n (CVE-2007-6303)\n \n Luigi Auriemma discovered that yaSSL as included in MySQL did not\n properly validate its input. This issue did not affect Ubuntu 6.06 in the default installation. \n (CVE-2008-0226, CVE-2008-0227)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.9.diff.gz\n Size/MD5: 155085 f8c7ef90adb69cf67cc6366612b63d48\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.9.dsc\n Size/MD5: 1114 d305551acc1c106afc8fcea708bf7748\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22.orig.tar.gz\n Size/MD5: 18446645 2b8f36364373461190126817ec872031\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.22-0ubuntu6.06.9_all.deb\n Size/MD5: 38560 ba617aed9cc0de2b3ab0bb27e4b73208\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.22-0ubuntu6.06.9_all.deb\n Size/MD5: 41108 c5723e8875ec8ec61bc3e35d279b0785\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.22-0ubuntu6.06.9_all.deb\n Size/MD5: 38564 4c87c774aa76333f9b6ce71be03abd9e\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_amd64.deb\n Size/MD5: 6727828 250a0dc849c954205639795ead8c913c\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_amd64.deb\n Size/MD5: 1423476 81fa43f4bcdaa9721311dd9cd7977713\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_amd64.deb\n Size/MD5: 6897250 ee100a247642429c58c20cf501da925d\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_amd64.deb\n Size/MD5: 22493122 6c8dc59d6b0f8885bdc08e72f7aef6b6\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_i386.deb\n Size/MD5: 6141858 992e52adad73209d80bab70f7fb22d46\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_i386.deb\n Size/MD5: 1383980 fcbf70966d6875c053e30e153b610991\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_i386.deb\n Size/MD5: 6279892 cb5107c59d51513dc3b7d89ef64c2de1\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_i386.deb\n Size/MD5: 21351224 84fe07a8a90d1d7bdefcdfa8bf34bc55\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_powerpc.deb\n Size/MD5: 6885504 86e9ad51262265b596bf490ce3c46a2d\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_powerpc.deb\n Size/MD5: 1463828 6a87ebba2667b07ca253b7bc3772d91e\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_powerpc.deb\n Size/MD5: 6943956 f8630ffc208f766da49a1628076830b6\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_powerpc.deb\n Size/MD5: 22706410 6e44a8947af147ac14a15fdd66e80bfd\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_sparc.deb\n Size/MD5: 6433916 dea5c30c9bc61cf362cfbb7cb692a280\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_sparc.deb\n Size/MD5: 1435924 5da529e0936388dc5584deb4155ba390\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_sparc.deb\n Size/MD5: 6538958 4e658a8fca75f30eeafbfff2a2bffa9c\n http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_sparc.deb\n Size/MD5: 21972902 4d273677401e7896b4e65d8fc9996ce5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1478-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 28, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : mysql-dfsg-5.0\nVulnerability : buffer overflows\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-0226 CVE-2008-0227\n\nLuigi Auriemma discovered two buffer overflows in YaSSL, an SSL\nimplementation included in the MySQL database package, which could lead\nto denial of service and possibly the execution of arbitrary code. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.0.51-3. \n\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.0.32-7etch5. \n\nThe old stable distribution (sarge) doesn\u0027t contain mysql-dfsg-5.0. \n\nWe recommend that you upgrade your mysql-dfsg-5.0 package. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz\n Size/MD5 checksum: 16439441 f99df050b0b847adf7702b44e79ac877\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch5.diff.gz\n Size/MD5 checksum: 165895 05351b7ac0547d3666828c7eba89ee18\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch5.dsc\n Size/MD5 checksum: 1117 7d6a184cf5bda53d18be88728a0635c4\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch5_all.deb\n Size/MD5 checksum: 45636 c2d87b9755088b3a67851dc4867a67f8\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch5_all.deb\n Size/MD5 checksum: 47716 5c9311fc2072be8336424c648497303e\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch5_all.deb\n Size/MD5 checksum: 53944 3a16dd0a2c795cf7e906c648844a9779\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_alpha.deb\n Size/MD5 checksum: 8912752 826f18c201582262ee622ed9e470a915\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_alpha.deb\n Size/MD5 checksum: 1950712 47215338ef678adf7ca6f80d9d60613e\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_alpha.deb\n Size/MD5 checksum: 8407802 e6e87a2edaf5f0405473fb3f5c859b3f\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_alpha.deb\n Size/MD5 checksum: 27365718 f83e12f0f36c31b4dbd64ab7b1b6f01d\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_alpha.deb\n Size/MD5 checksum: 47748 91489bb86084a9f6026c6156a4a5faa0\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_amd64.deb\n Size/MD5 checksum: 7376450 ba1c75fa6963352a0af68c4db08d0c12\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_amd64.deb\n Size/MD5 checksum: 47708 4a3047795b3030063a47c969cfe4c324\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_amd64.deb\n Size/MD5 checksum: 1830910 c24fc179d4fb37994b5af2cb8c405ff1\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_amd64.deb\n Size/MD5 checksum: 25939846 8b0e047de274ed90f69a76f22866561a\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_amd64.deb\n Size/MD5 checksum: 7547346 003c7231b81203a50ec563ff5142a010\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_arm.deb\n Size/MD5 checksum: 47756 0145e1aa5ec02b5c60c2d78bbcd334a0\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_arm.deb\n Size/MD5 checksum: 25345622 2de813c86f1d10fb2df34d8b9de2336e\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_arm.deb\n Size/MD5 checksum: 6929754 8a6b3351769b567a468bc7dcb97a2141\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_arm.deb\n Size/MD5 checksum: 7204866 a8f69933d8081e753b76402e47e7a64a\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_arm.deb\n Size/MD5 checksum: 1747880 8da665b5f04444dcde03321f24ca8e4b\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_hppa.deb\n Size/MD5 checksum: 1920486 cb9a2e86902dc3f174926fbd8397a969\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_hppa.deb\n Size/MD5 checksum: 8046116 1eb6b1199a2c0f6a8502008a2c6df376\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_hppa.deb\n Size/MD5 checksum: 27055710 085b261bf2ec3820e21ec73bb59f6caa\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_hppa.deb\n Size/MD5 checksum: 47708 c17ca051ebe8783fa120c4596e32d9c2\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_hppa.deb\n Size/MD5 checksum: 8003914 59650ba346b2af0d77afbac64e93cca8\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_i386.deb\n Size/MD5 checksum: 25370152 d615311235c5a9e6d85e7e77b4927d5d\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_i386.deb\n Size/MD5 checksum: 47746 1040540bc74e34b67d9606a4368162a7\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_i386.deb\n Size/MD5 checksum: 6971870 90aae8d289cb3df24009c65b1af3b12d\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_i386.deb\n Size/MD5 checksum: 7189880 6082aa213539a361cced40044161d108\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_i386.deb\n Size/MD5 checksum: 1793974 ab7cbdd14a9bff04066a865634ef1ce2\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_ia64.deb\n Size/MD5 checksum: 9736902 1e93082931f1055cd4c1436caa0020f3\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_ia64.deb\n Size/MD5 checksum: 47710 3369d882bf2b99a05397aaeddf8bf864\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_ia64.deb\n Size/MD5 checksum: 2115340 472e412113e7ae0bb76853cf0167cd57\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_ia64.deb\n Size/MD5 checksum: 30408810 8c8982aae5e90c451b08f22bc2a5399d\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_ia64.deb\n Size/MD5 checksum: 10341648 a5ef1b86109c465131ccfe5a9147bd74\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_mips.deb\n Size/MD5 checksum: 7655576 b92c42fbbd64a377fcc4277a1696ccdd\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_mips.deb\n Size/MD5 checksum: 1835994 2650808f606406336f55b31497bea015\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_mips.deb\n Size/MD5 checksum: 7749018 db3eb1fb41084f7cda145ecc1f808402\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_mips.deb\n Size/MD5 checksum: 47710 698fd659ef265c937dd045cfb2e9e28a\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_mips.deb\n Size/MD5 checksum: 26338840 89c569b544aeb60ce6aae1c77d40965e\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_mipsel.deb\n Size/MD5 checksum: 1789510 2501eed6aaa7143a89f13e4bd9658ecf\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_mipsel.deb\n Size/MD5 checksum: 47718 ed3dc0fc53b78b2307dc4790ff82a174\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_mipsel.deb\n Size/MD5 checksum: 7640356 5417137e8b9632964ea0d67e8cd96416\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_mipsel.deb\n Size/MD5 checksum: 25845474 d379d4a5f900202d6244858d379aa46a\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_mipsel.deb\n Size/MD5 checksum: 7561164 31fa1242af6a762a92486aa327469d1f\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_powerpc.deb\n Size/MD5 checksum: 1832312 c6ab2b2c70aed56a7748eb0a5dd04c8c\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_powerpc.deb\n Size/MD5 checksum: 7573184 f43fb3a11284830b745346775073f92d\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_powerpc.deb\n Size/MD5 checksum: 7511850 184e9e37e760f4bb3779385d134975db\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_powerpc.deb\n Size/MD5 checksum: 47708 a76913df77b9f358f88a66875dc13a46\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_powerpc.deb\n Size/MD5 checksum: 26164462 386da660c381925416238a51b0a847a4\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_s390.deb\n Size/MD5 checksum: 47714 7fa0b60bff0e106f6328b0b026566008\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_s390.deb\n Size/MD5 checksum: 26763646 544f49b13f6207c1a104dc9eef9e6dd9\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_s390.deb\n Size/MD5 checksum: 7413442 b70c6184c3b82ead175debdd569ab807\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_s390.deb\n Size/MD5 checksum: 7507380 f9cecc1ace4fd2455516986637490930\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_s390.deb\n Size/MD5 checksum: 1951732 d5eaad746a8db92889febd0da68f1ae5\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_sparc.deb\n Size/MD5 checksum: 7153228 566328488d67a3843b04689d76f0253d\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_sparc.deb\n Size/MD5 checksum: 47714 551a6f9a790b301d63c856ecab13be75\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_sparc.deb\n Size/MD5 checksum: 7013384 3915c6846d5ffce6e321b7e40006cb66\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_sparc.deb\n Size/MD5 checksum: 1797430 b0bd228090c8923d08c9b8ee84a1edb8\n http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_sparc.deb\n Size/MD5 checksum: 25425084 a9934459b8cde72354ffc463b2ec140f\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFHnjjKXm3vHE4uyloRApi/AKCLKlM616TTchb0zEQ8K4cOCdgZhwCffa1J\noQ57J3yhzeNDDwqXdxLvhxM=\n=6ogr\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0226"
},
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001045"
},
{
"db": "BID",
"id": "27140"
},
{
"db": "VULHUB",
"id": "VHN-30351"
},
{
"db": "VULMON",
"id": "CVE-2008-0226"
},
{
"db": "PACKETSTORM",
"id": "68366"
},
{
"db": "PACKETSTORM",
"id": "64766"
},
{
"db": "PACKETSTORM",
"id": "38388"
},
{
"db": "PACKETSTORM",
"id": "65137"
},
{
"db": "PACKETSTORM",
"id": "63104"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=16849",
"trust": 0.3,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-30351",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30351"
},
{
"db": "VULMON",
"id": "CVE-2008-0226"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-0226",
"trust": 3.3
},
{
"db": "BID",
"id": "27140",
"trust": 2.9
},
{
"db": "SECUNIA",
"id": "28419",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "28324",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "29443",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "32222",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "28597",
"trust": 1.8
},
{
"db": "BID",
"id": "31681",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2008-2780",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2008-0560",
"trust": 1.8
},
{
"db": "SREASON",
"id": "3531",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "15895",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "15810",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15922",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15852",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15855",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15861",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15862",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15872",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15883",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15884",
"trust": 0.8
},
{
"db": "BID",
"id": "14088",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014327",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#442845",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001045",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200801-154",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "63104",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "68366",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "16849",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "85678",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82247",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16701",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "9953",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-71206",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-67003",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-30351",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2008-0226",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64766",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "38388",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "65137",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULHUB",
"id": "VHN-30351"
},
{
"db": "VULMON",
"id": "CVE-2008-0226"
},
{
"db": "BID",
"id": "27140"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001045"
},
{
"db": "PACKETSTORM",
"id": "68366"
},
{
"db": "PACKETSTORM",
"id": "64766"
},
{
"db": "PACKETSTORM",
"id": "38388"
},
{
"db": "PACKETSTORM",
"id": "65137"
},
{
"db": "PACKETSTORM",
"id": "63104"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-154"
},
{
"db": "NVD",
"id": "CVE-2008-0226"
}
]
},
"id": "VAR-200801-0204",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-30351"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:25:13.959000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT3216",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht3216"
},
{
"title": "HT3216",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht3216?viewlocale=ja_jp"
},
{
"title": "releasenotes-es-5-0-54a",
"trust": 0.8,
"url": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-54a.html"
},
{
"title": "releasenotes-es-5-0-50sp1a",
"trust": 0.8,
"url": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-50sp1a.html"
},
{
"title": "Changes in MySQL 5.1.23",
"trust": 0.8,
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
},
{
"title": "releasenotes-cs-5-0-51a",
"trust": 0.8,
"url": "http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51a.html"
},
{
"title": "Debian Security Advisories: DSA-1478-1 mysql-dfsg-5.0 -- buffer overflows",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2b2cb23a9e6fe80baeb726ee71987169"
},
{
"title": "Ubuntu Security Notice: mysql-dfsg-5.0 regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-588-2"
},
{
"title": "Ubuntu Security Notice: mysql-dfsg-5.0 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-588-1"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/dbutter/whitehat_public "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-0226"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001045"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30351"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001045"
},
{
"db": "NVD",
"id": "CVE-2008-0226"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.securityfocus.com/bid/27140"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2008/oct/msg00001.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/31681"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/archive/1/485810/100/0/threaded"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/archive/1/485811/100/0/threaded"
},
{
"trust": 1.8,
"url": "http://bugs.mysql.com/33814"
},
{
"trust": 1.8,
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht3216"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2008/dsa-1478"
},
{
"trust": 1.8,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:150"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/28324"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/28419"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/28597"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/29443"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/32222"
},
{
"trust": 1.8,
"url": "http://securityreason.com/securityalert/3531"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-588-1"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2008/0560/references"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"trust": 1.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39431"
},
{
"trust": 1.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39429"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15895/"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15852/"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0226"
},
{
"trust": 0.8,
"url": "http://www.hardened-php.net/advisory-022005.php"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15861/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15862/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15884/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15883/"
},
{
"trust": 0.8,
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15855/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15810/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15872/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15922/"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2005/jun/1014327.html"
},
{
"trust": 0.8,
"url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005"
},
{
"trust": 0.8,
"url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14088"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2008/0560"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0226"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/28419/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/28324/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0226"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0227"
},
{
"trust": 0.3,
"url": "http://yassl.com/"
},
{
"trust": 0.3,
"url": "/archive/1/485810"
},
{
"trust": 0.3,
"url": "/archive/1/485811"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-7232"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2692"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6303"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22.orig.tar.gz"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-1478"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/16849/"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/linux/mysql/mysql_yassl_hello"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/588-2/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0227"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2079"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2079"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.24a-9ubuntu2.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.45-1ubuntu3.3.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.8_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.45.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.38-0ubuntu1.4_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.8_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.38-0ubuntu1.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.24a-9ubuntu2.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.38-0ubuntu1.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.8_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.38-0ubuntu1.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.38-0ubuntu1.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.8_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.45-1ubuntu3.3.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.38-0ubuntu1.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.24a-9ubuntu2.4.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.8_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.22-0ubuntu6.06.8_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.38-0ubuntu1.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.45-1ubuntu3.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.45-1ubuntu3.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.24a-9ubuntu2.4_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.45-1ubuntu3.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.45-1ubuntu3.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.24a-9ubuntu2.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.38-0ubuntu1.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.24a-9ubuntu2.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.38-0ubuntu1.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.38-0ubuntu1.4.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.8_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.24a.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.8_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.45-1ubuntu3.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.24a-9ubuntu2.4_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.24a-9ubuntu2.4.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.38-0ubuntu1.4.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.38-0ubuntu1.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.24a-9ubuntu2.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.38-0ubuntu1.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.8_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.24a-9ubuntu2.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.8_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.24a-9ubuntu2.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.22-0ubuntu6.06.8_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.24a-9ubuntu2.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.45-1ubuntu3.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.8_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.45-1ubuntu3.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.45-1ubuntu3.3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.45-1ubuntu3.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.45-1ubuntu3.3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.24a-9ubuntu2.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.24a-9ubuntu2.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.45-1ubuntu3.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.38-0ubuntu1.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.45-1ubuntu3.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.24a-9ubuntu2.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.24a-9ubuntu2.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.45-1ubuntu3.3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.22-0ubuntu6.06.8_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.8.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.38-0ubuntu1.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.38-0ubuntu1.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.8_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.38-0ubuntu1.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.38-0ubuntu1.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.38.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.24a-9ubuntu2.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.8_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.45-1ubuntu3.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.45-1ubuntu3.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.24a-9ubuntu2.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.38-0ubuntu1.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.24a-9ubuntu2.4_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.45-1ubuntu3.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.45-1ubuntu3.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.8_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.8.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.38-0ubuntu1.4_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.45-1ubuntu3.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.24a-9ubuntu2.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.8_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.38-0ubuntu1.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.24a-9ubuntu2.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.38-0ubuntu1.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.38-0ubuntu1.4_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.8_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.38-0ubuntu1.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.45-1ubuntu3.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.38-0ubuntu1.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.8_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3699/"
},
{
"trust": 0.1,
"url": "http://sourceforge.net/project/showfiles.php?group_id=66479"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client_5.0.22-0ubuntu6.06.9_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.9.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-common_5.0.22-0ubuntu6.06.9_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.22-0ubuntu6.06.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.22-0ubuntu6.06.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.22-0ubuntu6.06.9.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server_5.0.22-0ubuntu6.06.9_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.22-0ubuntu6.06.9_i386.deb"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/209699"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.22-0ubuntu6.06.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch5_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_i386.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch5.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch5_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch5.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch5_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_alpha.deb"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_alpha.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_arm.deb"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULHUB",
"id": "VHN-30351"
},
{
"db": "VULMON",
"id": "CVE-2008-0226"
},
{
"db": "BID",
"id": "27140"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001045"
},
{
"db": "PACKETSTORM",
"id": "68366"
},
{
"db": "PACKETSTORM",
"id": "64766"
},
{
"db": "PACKETSTORM",
"id": "38388"
},
{
"db": "PACKETSTORM",
"id": "65137"
},
{
"db": "PACKETSTORM",
"id": "63104"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-154"
},
{
"db": "NVD",
"id": "CVE-2008-0226"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULHUB",
"id": "VHN-30351"
},
{
"db": "VULMON",
"id": "CVE-2008-0226"
},
{
"db": "BID",
"id": "27140"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001045"
},
{
"db": "PACKETSTORM",
"id": "68366"
},
{
"db": "PACKETSTORM",
"id": "64766"
},
{
"db": "PACKETSTORM",
"id": "38388"
},
{
"db": "PACKETSTORM",
"id": "65137"
},
{
"db": "PACKETSTORM",
"id": "63104"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-154"
},
{
"db": "NVD",
"id": "CVE-2008-0226"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-07-06T00:00:00",
"db": "CERT/CC",
"id": "VU#442845"
},
{
"date": "2008-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-30351"
},
{
"date": "2008-01-10T00:00:00",
"db": "VULMON",
"id": "CVE-2008-0226"
},
{
"date": "2008-01-04T00:00:00",
"db": "BID",
"id": "27140"
},
{
"date": "2008-02-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001045"
},
{
"date": "2008-07-21T19:49:13",
"db": "PACKETSTORM",
"id": "68366"
},
{
"date": "2008-03-20T20:58:07",
"db": "PACKETSTORM",
"id": "64766"
},
{
"date": "2005-07-01T23:31:00",
"db": "PACKETSTORM",
"id": "38388"
},
{
"date": "2008-04-03T05:44:58",
"db": "PACKETSTORM",
"id": "65137"
},
{
"date": "2008-01-30T03:19:05",
"db": "PACKETSTORM",
"id": "63104"
},
{
"date": "2007-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-154"
},
{
"date": "2008-01-10T23:46:00",
"db": "NVD",
"id": "CVE-2008-0226"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#442845"
},
{
"date": "2019-12-17T00:00:00",
"db": "VULHUB",
"id": "VHN-30351"
},
{
"date": "2019-12-17T00:00:00",
"db": "VULMON",
"id": "CVE-2008-0226"
},
{
"date": "2010-01-28T05:21:00",
"db": "BID",
"id": "27140"
},
{
"date": "2010-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001045"
},
{
"date": "2019-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-154"
},
{
"date": "2019-12-17T20:26:08.287000",
"db": "NVD",
"id": "CVE-2008-0226"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "68366"
},
{
"db": "PACKETSTORM",
"id": "64766"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-154"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple PHP XML-RPC implementations vulnerable to code injection",
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-154"
}
],
"trust": 0.6
}
}
VAR-200608-0332
Vulnerability from variot - Updated: 2023-12-18 13:05Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. SAP-DB and MaxDB are prone to a remote buffer-overflow vulnerability because these applications fail to perform sufficient bounds-checking of user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will likely crash the application, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2006-09 Advisory Title: SAP-DB/MaxDB WebDBM remote buffer overflow Author: Oliver Karow / Oliver_Karow@symantec.com Release Date: 29-08-2006 Application: SAP-DB/MaxDB 7.6.00.22 - WebDBM Platform: Windows/Unix Severity: Remotely exploitable/Local System Access Vendor status: Verified by vendor / Resolved in 7.6.00.31 CVE Number: CVE-2006-4305 Reference: http://www.securityfocus.com/bid/19660
Overview:
A connection from a WebDBM Client to the DBM Server causes a
buffer overflow when the given database name is too large. This can result in the execution of arbitrary code in the context of the database server.
Details: SAP-DB/MaxDB is a heavy-duty, SAP-certified open source database for OLTP and OLAP usage which offers high reliability, availability, scalability and a very comprehensive feature set. It is targeted for large mySAP Business Suite environments and other applications that require maximum enterprise-level database functionality and complements the MySQL database server.
A remotely exploitable vulnerability exists in MaxDB's WebDBM. Authentication is not required
for successful exploitation to occur.
Vendor Response:
The above vulnerability has been fixed in the latest release of the product, MaxDB 7.6.00.31.
Licensed and evaluation versions of MaxDB are available for download in the download section of www.mysql.com/maxdb: http://dev.mysql.com/downloads/maxdb/7.6.00.html.
If there are any further questions about this statement, please contact mysql-MaxDB support.
Please note that SAP customers receive their downloads via the SAP Service Marketplace www.service.sap.com and must not use downloads from the addresses above for their SAP solutions.
Recommendation:
The vendor has released MaxDB 7.6.00.31 to address
this issue. Users should contact the vendor to obtain the appropriate upgrade.
As a temporary workaround the SAP-DB WWW Service should either be disabled or have access to it restricted using appropriate network or client based access controls.
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
CVE-2006-4305
- -------Symantec Consulting Services Advisory Information-------
For questions about this advisory, or to report an error: cs_advisories@symantec.com
For details on Symantec's Vulnerability Reporting Policy: http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf
Consulting Services Advisory Archive: http://www.symantec.com/research/
Consulting Services Advisory GPG Key: http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc
- -------------Symantec Product Advisory Information-------------
To Report a Security Vulnerability in a Symantec Product: secure@symantec.com
For general information on Symantec's Product Vulnerability reporting and response: http://www.symantec.com/security/
Symantec Product Advisory Archive: http://www.symantec.com/avcenter/security/SymantecAdvisories.html
Symantec Product Advisory PGP Key: http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc
Copyright (c) 2006 by Symantec Corp. Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Consulting Services. Reprinting the whole or part of this alert in any medium other than electronically requires permission from cs_advisories@symantec.com.
Disclaimer The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Symantec, Symantec products, and Symantec Consulting Services are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFE8u4huk7IIFI45IARAlJoAKCqrvNsyLPPWm5Dnor9VtePm+I7zACfVqf5 gKP3gDsY1sr7ioo8+maNHFA= =vuXL -----END PGP SIGNATURE----- .
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.
Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: MaxDB WebDBM Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA21677
VERIFY ADVISORY: http://secunia.com/advisories/21677/
CRITICAL: Moderately critical
IMPACT: System access
WHERE:
From local network
SOFTWARE: MaxDB 7.x http://secunia.com/product/4012/
DESCRIPTION: Oliver Karow has reported a vulnerability in MaxDB, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in WebDBM when processing database names.
The vulnerability has been reported in version 7.6.00.22. Other versions may also be affected.
SOLUTION: Update to version 7.6.00.31 or later. http://dev.mysql.com/downloads/maxdb/7.6.00.html
PROVIDED AND/OR DISCOVERED BY: Oliver Karow, Symantec.
ORIGINAL ADVISORY: Symantec: http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
For more information: SA21677
SOLUTION: Apply updated packages.
-- Debian GNU/Linux 3.1 alias sarge --
Source archives:
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.dsc Size/MD5 checksum: 1141 2747ee99a22fd9b6ba0ee9229cf23956 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.diff.gz Size/MD5 checksum: 102502 b00c857a9956eed998e17a155d692d8b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24.orig.tar.gz Size/MD5 checksum: 16135296 4d581530145c30a46ef7a434573f3beb
AMD64 architecture:
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 681616 b4bf816d096fc5cf147e530979de8c2a http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_amd64.deb Size/MD5 checksum: 835926 0c6f2a9e4d8c945937afd044e15ff688 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 602828 f1ff9957fd7713422f589e2b5ce878e1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_amd64.deb Size/MD5 checksum: 110542 d1b0ad84bba2fbf2e1fc66870d217c1a http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_amd64.deb Size/MD5 checksum: 879638 6c14c3e14f8a3d311b753da8059e8718 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_amd64.deb Size/MD5 checksum: 1002292 249bf89f7f2b342fc23bb230c87ce0d2 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_amd64.deb Size/MD5 checksum: 1924254 fedf03c8551d3c89fdcf9bd381ce25a9 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_amd64.deb Size/MD5 checksum: 1861026 7cd7e22627438e425fc014d5c0689882 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_amd64.deb Size/MD5 checksum: 2815606 12eca89b6c94a93f0805a3be61f053f5 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 11762902 9543cd40e9dd2bd31668dc34bdde714b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 5454626 1a9e3e48fe5e5d0088e896ca1e2c535a http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_amd64.deb Size/MD5 checksum: 125258 cbc85c2295d40664794d8dea7fdefe36 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_amd64.deb Size/MD5 checksum: 2469898 7cf201e9a125267ab012196a6515b4bd http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_amd64.deb Size/MD5 checksum: 57530 cc1d8ba42c0213d233ecb07855733fab http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_amd64.deb Size/MD5 checksum: 52896 2623c86e1e8c104a7b6e534283f92d88 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_amd64.deb Size/MD5 checksum: 388490 dc2719125122fc8c9d74cf621db8a159 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_amd64.deb Size/MD5 checksum: 195236 edff932c86a91803ac12fa12afdffe80 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_amd64.deb Size/MD5 checksum: 388500 7e4f4d52029cffb09b4dec330be23f9f http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_amd64.deb Size/MD5 checksum: 195262 579c30388c18177e6a59fdb5b7a228ce
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 724428 7f3da03ea2e15ec1906a17a844a8de71 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_i386.deb Size/MD5 checksum: 884322 f87be31d0c3ccc25826a8adbb90c0fd8 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 662674 b768894d4d0613c7a78561ec3c63a736 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_i386.deb Size/MD5 checksum: 113500 0762412421cc8bba7920cd3e5c7ba912 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_i386.deb Size/MD5 checksum: 959610 05077a4995b6f30736dd031f650fc8bb http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_i386.deb Size/MD5 checksum: 1151380 f5952dd48f3c289d59c59869a7910675 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_i386.deb Size/MD5 checksum: 2074392 198c3e94e284f312acb8a60680fb3dac http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_i386.deb Size/MD5 checksum: 1998244 e85b595329b9d3ee86abca690ae8205f http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_i386.deb Size/MD5 checksum: 3087456 3ba8dc9c84e7e0d65e07b8d1f469adcd http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 13245168 5bcd0e38d550518e611a510d338a3bd8 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 6269766 b747c1d1155a6512266a1ce3e52a6ce1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_i386.deb Size/MD5 checksum: 132864 f0c46a30fd72b4a29e93b9b75042c6a8 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_i386.deb Size/MD5 checksum: 2619482 9b66168b5b70efbd69c16a06e2de734d http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_i386.deb Size/MD5 checksum: 57534 7d4cb5ef1fa3bf65d79b590023cdc1db http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_i386.deb Size/MD5 checksum: 52902 61f35976dd90a9e461dfceea5430fa1e http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_i386.deb Size/MD5 checksum: 411124 79212c1b66ae516b5404f4d1bb314dc6 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_i386.deb Size/MD5 checksum: 204636 ae693e5ef1041afef92f11fa81314dfe http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_i386.deb Size/MD5 checksum: 411094 3974583dbdfb586097274e4aaddf376b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_i386.deb Size/MD5 checksum: 204620 c2f00a1d54744ed51c547e681595f537
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 928300 8f9b50424dae7723c38aac9e0c9a52ab http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_ia64.deb Size/MD5 checksum: 1057976 d1127e1ab07ac2a3bc485f040fb0339c http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 911096 4b2d26b87f9e8abe2a8cabb5f5a3dc38 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_ia64.deb Size/MD5 checksum: 125196 c590b2aeb6e773afc78b234880679d0b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_ia64.deb Size/MD5 checksum: 1157550 bc505370fe0b635ed20241dcec297922 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_ia64.deb Size/MD5 checksum: 1457434 239d74377e81b0d4cceed7e1c99553a5 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_ia64.deb Size/MD5 checksum: 2340496 2f32566da56fcaed5a889f29b2df2ae1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_ia64.deb Size/MD5 checksum: 2253224 b49a58cd8ad452633f57c0d4c2bb7ccc http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_ia64.deb Size/MD5 checksum: 4126188 db0b224332c029575c85ec3b4af7055f http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 16985506 7634c5b20bbed0b559c5a30a70abcff1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 8270364 76ac234b9524ec827443e44270b10a7d http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_ia64.deb Size/MD5 checksum: 172092 c89208be8d296c2a188b52b60e42ff1c http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_ia64.deb Size/MD5 checksum: 3018916 de87cf29f90c5b6e08698411c6ee6366 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_ia64.deb Size/MD5 checksum: 57530 67e6ce8dfb5282aed0aaf8c0d2e3dfba http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_ia64.deb Size/MD5 checksum: 52898 00f142490fbc22408ef5347abf228baa http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_ia64.deb Size/MD5 checksum: 512998 f38b9df396ef132650ddbd151780f5ce http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_ia64.deb Size/MD5 checksum: 247500 d014a66017bbabc285f0bb42df85a71e http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_ia64.deb Size/MD5 checksum: 513000 244752450b149746ec25fbbb67037d9e http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_ia64.deb Size/MD5 checksum: 247500 06b34ba0ab20719baf4c44a828de0436
-- Debian GNU/Linux unstable alias sid --
Reportedly, the problem will be fixed soon
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200608-0332",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sap-db",
"scope": "eq",
"trust": 1.0,
"vendor": "sap db",
"version": "*"
},
{
"model": "maxdb",
"scope": "lte",
"trust": 1.0,
"vendor": "mysql",
"version": "7.6.00.22"
},
{
"model": "maxdb",
"scope": "lt",
"trust": 0.8,
"vendor": "mysql ab",
"version": "7.6.00.30"
},
{
"model": "sap-db",
"scope": null,
"trust": 0.8,
"vendor": "sap db",
"version": null
},
{
"model": "maxdb",
"scope": "eq",
"trust": 0.6,
"vendor": "mysql",
"version": "7.6.00.22"
},
{
"model": "db sap db",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.6.00.22"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "3.1"
},
{
"model": "ab maxdb",
"scope": "ne",
"trust": 0.3,
"vendor": "mysql",
"version": "7.6.00.31"
}
],
"sources": [
{
"db": "BID",
"id": "19660"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
},
{
"db": "NVD",
"id": "CVE-2006-4305"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-466"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mysql:maxdb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.6.00.22",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap-db:sap-db:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4305"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oliver Karow from Symantec is credited with the discovery of this vulnerability.",
"sources": [
{
"db": "BID",
"id": "19660"
}
],
"trust": 0.3
},
"cve": "CVE-2006-4305",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2006-4305",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-4305",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200608-466",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
},
{
"db": "NVD",
"id": "CVE-2006-4305"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-466"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. SAP-DB and MaxDB are prone to a remote buffer-overflow vulnerability because these applications fail to perform sufficient bounds-checking of user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will likely crash the application, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n\n Symantec Vulnerability Research\n http://www.symantec.com/research\n Security Advisory\n\n Advisory ID: SYMSA-2006-09\n Advisory Title: SAP-DB/MaxDB WebDBM remote buffer overflow\n Author: Oliver Karow / Oliver_Karow@symantec.com\n Release Date: 29-08-2006\n Application: SAP-DB/MaxDB 7.6.00.22 - WebDBM\n Platform: Windows/Unix\n Severity: Remotely exploitable/Local System Access\n Vendor status: Verified by vendor / Resolved in 7.6.00.31\n CVE Number: CVE-2006-4305\n Reference: http://www.securityfocus.com/bid/19660\n\n\nOverview: \n\n A connection from a WebDBM Client to the DBM Server causes a \nbuffer overflow when the given database name is too large. This \ncan result in the execution of arbitrary code in the context of \nthe database server. \n\n\nDetails: \n SAP-DB/MaxDB is a heavy-duty, SAP-certified open source \ndatabase for OLTP and OLAP usage which offers high reliability, \navailability, scalability and a very comprehensive feature set. \nIt is targeted for large mySAP Business Suite environments \nand other applications that require maximum enterprise-level \ndatabase functionality and complements the MySQL database server. \n\n A remotely exploitable vulnerability exists in MaxDB\u0027s WebDBM. Authentication is not required \nfor successful exploitation to occur. \n\t\n\nVendor Response:\n\nThe above vulnerability has been fixed in the latest release of \nthe product, MaxDB 7.6.00.31. \n\nLicensed and evaluation versions of MaxDB are available for \ndownload in the download section of www.mysql.com/maxdb:\nhttp://dev.mysql.com/downloads/maxdb/7.6.00.html. \n\nIf there are any further questions about this statement, please\ncontact mysql-MaxDB support. \n\nPlease note that SAP customers receive their downloads via the \nSAP Service Marketplace www.service.sap.com and must not use \ndownloads from the addresses above for their SAP solutions. \n\nRecommendation:\n\n\tThe vendor has released MaxDB 7.6.00.31 to address \nthis issue. Users should contact the vendor to obtain the \nappropriate upgrade. \n\nAs a temporary workaround the SAP-DB WWW Service should either \nbe disabled or have access to it restricted using appropriate \nnetwork or client based access controls. \n\n\nCommon Vulnerabilities and Exposures (CVE) Information:\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \nthe following names to these issues. These are candidates for \ninclusion in the CVE list (http://cve.mitre.org), which standardizes \nnames for security problems. \n\n\n CVE-2006-4305\n\n- -------Symantec Consulting Services Advisory Information-------\n\nFor questions about this advisory, or to report an error:\ncs_advisories@symantec.com\n\nFor details on Symantec\u0027s Vulnerability Reporting Policy: \nhttp://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf\n\nConsulting Services Advisory Archive: \nhttp://www.symantec.com/research/ \n\nConsulting Services Advisory GPG Key:\nhttp://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc\n\n- -------------Symantec Product Advisory Information-------------\n\nTo Report a Security Vulnerability in a Symantec Product:\nsecure@symantec.com \n\nFor general information on Symantec\u0027s Product Vulnerability \nreporting and response:\nhttp://www.symantec.com/security/\n\nSymantec Product Advisory Archive: \nhttp://www.symantec.com/avcenter/security/SymantecAdvisories.html\n\nSymantec Product Advisory PGP Key:\nhttp://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc\n\n- ---------------------------------------------------------------\n\nCopyright (c) 2006 by Symantec Corp. \nPermission to redistribute this alert electronically is granted \nas long as it is not edited in any way unless authorized by \nSymantec Consulting Services. Reprinting the whole or part of \nthis alert in any medium other than electronically requires \npermission from cs_advisories@symantec.com. \n\nDisclaimer\nThe information in the advisory is believed to be accurate at the \ntime of publishing based on currently available information. Use \nof the information constitutes acceptance for use in an AS IS \ncondition. There are no warranties with regard to this information. \nNeither the author nor the publisher accepts any liability for any \ndirect, indirect, or consequential loss or damage arising from use \nof, or reliance on, this information. \n\nSymantec, Symantec products, and Symantec Consulting Services are \nregistered trademarks of Symantec Corp. and/or affiliated companies \nin the United States and other countries. All other registered and \nunregistered trademarks represented in this document are the sole \nproperty of their respective companies/owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFE8u4huk7IIFI45IARAlJoAKCqrvNsyLPPWm5Dnor9VtePm+I7zACfVqf5\ngKP3gDsY1sr7ioo8+maNHFA=\n=vuXL\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nMaxDB WebDBM Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA21677\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21677/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nMaxDB 7.x\nhttp://secunia.com/product/4012/\n\nDESCRIPTION:\nOliver Karow has reported a vulnerability in MaxDB, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to a boundary error in WebDBM when\nprocessing database names. \n\nThe vulnerability has been reported in version 7.6.00.22. Other\nversions may also be affected. \n\nSOLUTION:\nUpdate to version 7.6.00.31 or later. \nhttp://dev.mysql.com/downloads/maxdb/7.6.00.html\n\nPROVIDED AND/OR DISCOVERED BY:\nOliver Karow, Symantec. \n\nORIGINAL ADVISORY:\nSymantec:\nhttp://www.symantec.com/enterprise/research/SYMSA-2006-009.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This fixes a\nvulnerability, which can be exploited by malicious people to\ncompromise a vulnerable system. \n\nFor more information:\nSA21677\n\nSOLUTION:\nApply updated packages. \n\n-- Debian GNU/Linux 3.1 alias sarge --\n\nSource archives:\n\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.dsc\nSize/MD5 checksum: 1141 2747ee99a22fd9b6ba0ee9229cf23956\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.diff.gz\nSize/MD5 checksum: 102502 b00c857a9956eed998e17a155d692d8b\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24.orig.tar.gz\nSize/MD5 checksum: 16135296 4d581530145c30a46ef7a434573f3beb\n\nAMD64 architecture:\n\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 681616 b4bf816d096fc5cf147e530979de8c2a\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 835926 0c6f2a9e4d8c945937afd044e15ff688\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 602828 f1ff9957fd7713422f589e2b5ce878e1\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 110542 d1b0ad84bba2fbf2e1fc66870d217c1a\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 879638 6c14c3e14f8a3d311b753da8059e8718\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 1002292 249bf89f7f2b342fc23bb230c87ce0d2\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 1924254 fedf03c8551d3c89fdcf9bd381ce25a9\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 1861026 7cd7e22627438e425fc014d5c0689882\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 2815606 12eca89b6c94a93f0805a3be61f053f5\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 11762902 9543cd40e9dd2bd31668dc34bdde714b\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 5454626 1a9e3e48fe5e5d0088e896ca1e2c535a\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 125258 cbc85c2295d40664794d8dea7fdefe36\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 2469898 7cf201e9a125267ab012196a6515b4bd\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 57530 cc1d8ba42c0213d233ecb07855733fab\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 52896 2623c86e1e8c104a7b6e534283f92d88\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 388490 dc2719125122fc8c9d74cf621db8a159\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 195236 edff932c86a91803ac12fa12afdffe80\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 388500 7e4f4d52029cffb09b4dec330be23f9f\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_amd64.deb\nSize/MD5 checksum: 195262 579c30388c18177e6a59fdb5b7a228ce\n\nIntel IA-32 architecture:\n\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 724428 7f3da03ea2e15ec1906a17a844a8de71\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 884322 f87be31d0c3ccc25826a8adbb90c0fd8\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 662674 b768894d4d0613c7a78561ec3c63a736\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 113500 0762412421cc8bba7920cd3e5c7ba912\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 959610 05077a4995b6f30736dd031f650fc8bb\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 1151380 f5952dd48f3c289d59c59869a7910675\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 2074392 198c3e94e284f312acb8a60680fb3dac\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 1998244 e85b595329b9d3ee86abca690ae8205f\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 3087456 3ba8dc9c84e7e0d65e07b8d1f469adcd\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 13245168 5bcd0e38d550518e611a510d338a3bd8\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 6269766 b747c1d1155a6512266a1ce3e52a6ce1\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 132864 f0c46a30fd72b4a29e93b9b75042c6a8\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 2619482 9b66168b5b70efbd69c16a06e2de734d\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 57534 7d4cb5ef1fa3bf65d79b590023cdc1db\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 52902 61f35976dd90a9e461dfceea5430fa1e\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 411124 79212c1b66ae516b5404f4d1bb314dc6\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 204636 ae693e5ef1041afef92f11fa81314dfe\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 411094 3974583dbdfb586097274e4aaddf376b\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_i386.deb\nSize/MD5 checksum: 204620 c2f00a1d54744ed51c547e681595f537\n\nIntel IA-64 architecture:\n\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 928300 8f9b50424dae7723c38aac9e0c9a52ab\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 1057976 d1127e1ab07ac2a3bc485f040fb0339c\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 911096 4b2d26b87f9e8abe2a8cabb5f5a3dc38\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 125196 c590b2aeb6e773afc78b234880679d0b\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 1157550 bc505370fe0b635ed20241dcec297922\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 1457434 239d74377e81b0d4cceed7e1c99553a5\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 2340496 2f32566da56fcaed5a889f29b2df2ae1\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 2253224 b49a58cd8ad452633f57c0d4c2bb7ccc\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 4126188 db0b224332c029575c85ec3b4af7055f\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 16985506 7634c5b20bbed0b559c5a30a70abcff1\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 8270364 76ac234b9524ec827443e44270b10a7d\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 172092 c89208be8d296c2a188b52b60e42ff1c\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 3018916 de87cf29f90c5b6e08698411c6ee6366\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 57530 67e6ce8dfb5282aed0aaf8c0d2e3dfba\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 52898 00f142490fbc22408ef5347abf228baa\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 512998 f38b9df396ef132650ddbd151780f5ce\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 247500 d014a66017bbabc285f0bb42df85a71e\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 513000 244752450b149746ec25fbbb67037d9e\nhttp://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_ia64.deb\nSize/MD5 checksum: 247500 06b34ba0ab20719baf4c44a828de0436\n\n-- Debian GNU/Linux unstable alias sid --\n\nReportedly, the problem will be fixed soon",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4305"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
},
{
"db": "BID",
"id": "19660"
},
{
"db": "PACKETSTORM",
"id": "49541"
},
{
"db": "PACKETSTORM",
"id": "49583"
},
{
"db": "PACKETSTORM",
"id": "51237"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-4305",
"trust": 2.8
},
{
"db": "BID",
"id": "19660",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "21677",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "22518",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1016766",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-3410",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001994",
"trust": 0.8
},
{
"db": "XF",
"id": "28636",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-1190",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060828 SYMSA-2006-009",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200608-466",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "49541",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "49583",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "51237",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "19660"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
},
{
"db": "PACKETSTORM",
"id": "49541"
},
{
"db": "PACKETSTORM",
"id": "49583"
},
{
"db": "PACKETSTORM",
"id": "51237"
},
{
"db": "NVD",
"id": "CVE-2006-4305"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-466"
}
]
},
"id": "VAR-200608-0332",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1359447
},
"last_update_date": "2023-12-18T13:05:13.815000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MaxDB",
"trust": 0.8,
"url": "http://www.mysql.com/sap/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sapdb.org/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4305"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19660"
},
{
"trust": 1.6,
"url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/21677"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/22518"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1016766"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2006/dsa-1190"
},
{
"trust": 1.1,
"url": "http://www.symantec.com/enterprise/research/symsa-2006-009.txt"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/444601/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/3410"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28636"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4305"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4305"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/444601/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3410"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/28636"
},
{
"trust": 0.4,
"url": "http://dev.mysql.com/downloads/maxdb/7.6.00.html."
},
{
"trust": 0.3,
"url": "http://www.mysql.com/products/maxdb/"
},
{
"trust": 0.3,
"url": "http://www.mysql.com"
},
{
"trust": 0.3,
"url": "http://www.sapdb.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/21677/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://www.mysql.com/maxdb:"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/research"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/research/symantec-responsible-disclosure.pdf"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/research/"
},
{
"trust": 0.1,
"url": "https://www.service.sap.com"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/avcenter/security/symantecadvisories.html"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/security/"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/security/symantec-vulnerability-management-key.asc"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4305"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/research/symantec_vulnerability_research_gpg.asc"
},
{
"trust": 0.1,
"url": "http://dev.mysql.com/downloads/maxdb/7.6.00.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4012/"
},
{
"trust": 0.1,
"url": "http://secunia.com/quality_assurance_analyst/"
},
{
"trust": 0.1,
"url": "http://secunia.com/web_application_security_specialist/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5307/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://www.us.debian.org/security/2006/dsa-1190"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.diff.gz"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/530/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/22518/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_i386.deb"
}
],
"sources": [
{
"db": "BID",
"id": "19660"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
},
{
"db": "PACKETSTORM",
"id": "49541"
},
{
"db": "PACKETSTORM",
"id": "49583"
},
{
"db": "PACKETSTORM",
"id": "51237"
},
{
"db": "NVD",
"id": "CVE-2006-4305"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-466"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "19660"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
},
{
"db": "PACKETSTORM",
"id": "49541"
},
{
"db": "PACKETSTORM",
"id": "49583"
},
{
"db": "PACKETSTORM",
"id": "51237"
},
{
"db": "NVD",
"id": "CVE-2006-4305"
},
{
"db": "CNNVD",
"id": "CNNVD-200608-466"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-08-29T00:00:00",
"db": "BID",
"id": "19660"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001994"
},
{
"date": "2006-08-29T16:57:14",
"db": "PACKETSTORM",
"id": "49541"
},
{
"date": "2006-08-30T20:08:37",
"db": "PACKETSTORM",
"id": "49583"
},
{
"date": "2006-10-23T18:08:13",
"db": "PACKETSTORM",
"id": "51237"
},
{
"date": "2006-08-30T01:04:00",
"db": "NVD",
"id": "CVE-2006-4305"
},
{
"date": "2006-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200608-466"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-10-04T23:15:00",
"db": "BID",
"id": "19660"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001994"
},
{
"date": "2018-10-17T21:34:28.740000",
"db": "NVD",
"id": "CVE-2006-4305"
},
{
"date": "2007-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200608-466"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200608-466"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP DB Buffer overflow vulnerability in products such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001994"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200608-466"
}
],
"trust": 0.6
}
}
VAR-200412-1126
Vulnerability from variot - Updated: 2023-12-18 11:20MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function. A remotely exploitable denial of service vulnerability exists in MaxDB. This will reportedly trigger an exception due to an assert directive failing, resulting in a denial of service condition in the web agent. This issue was reportedly tested on Windows and Linux versions. Other versions could also be affected. MySQL MaxDB Web Agent WebDBM Server Name Denial of Service Vulnerability
iDEFENSE Security Advisory 10.06.04a: www.idefense.com/application/poi/display?id=150&type=vulnerabilities October 6, 2004
I. BACKGROUND
MaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG's open source database. MaxDB is a heavy-duty, SAP-certified open source database that offers high availability, scalability and a comprehensive feature set. MaxDB complements the MySQL database server, targeted for large mySAP ERP environments and other applications that require maximum enterprise-level database functionality.
II.
The problem specifically exists due to improper input validation of a user-supplied variable in the IsAscii7() function.
wahttp:
ToolsCommon/Tools_DynamicUTF8String.hpp:249:
Tools_DynamicUTF8String::Tools_DynamicUTF8String(const SAPDB_Char *)
Assertion `IsAscii7(src)' failed.
Program received signal SIGABRT, Aborted.
[Switching to Thread 10251 (LWP 12706)]
0x40429781 in kill () from /lib/libc.so.6
III.
IV. DETECTION
iDEFENSE has confirmed that SAP DB version 7.5 for both Linux and Windows is vulnerable.
V. WORKAROUND
Use of an ingress perimeter firewall filter can help detect and mitigate the risk of attack.
VI. VENDOR RESPONSE
"A solution for the issue is available with MaxDB 7.5.00.18."
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the names CAN-2004-0931 to these issues. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
08/16/2004 Initial vendor notification 08/16/2004 iDEFENSE clients notified 08/19/2004 Initial vendor response 10/06/2004 Coordinated public disclosure
IX. CREDIT
Patrik Karlsson (cqure.net) is credited with this discovery.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
X. LEGAL NOTICES
Copyright (c) 2004 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-1126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.15"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.12"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.14"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.08"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.11"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 1.6,
"vendor": "mysql",
"version": "7.5.00.16"
},
{
"model": "db",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.5"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.16"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.15"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.14"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.12"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.11"
},
{
"model": "ab maxdb",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.08"
},
{
"model": "ab maxdb",
"scope": "ne",
"trust": 0.3,
"vendor": "mysql",
"version": "7.5.00.18"
}
],
"sources": [
{
"db": "BID",
"id": "11346"
},
{
"db": "NVD",
"id": "CVE-2004-0931"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mysql:maxdb:7.5.00.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:maxdb:7.5.00.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:maxdb:7.5.00.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:maxdb:7.5.00.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:maxdb:7.5.00.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mysql:maxdb:7.5.00.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery is credited to Patrik Karlsson.",
"sources": [
{
"db": "BID",
"id": "11346"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
],
"trust": 0.9
},
"cve": "CVE-2004-0931",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0931",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-644",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0931"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function. A remotely exploitable denial of service vulnerability exists in MaxDB. \nThis will reportedly trigger an exception due to an assert directive failing, resulting in a denial of service condition in the web agent. \nThis issue was reportedly tested on Windows and Linux versions. Other versions could also be affected. MySQL MaxDB Web Agent WebDBM Server Name Denial of Service Vulnerability\n\niDEFENSE Security Advisory 10.06.04a:\nwww.idefense.com/application/poi/display?id=150\u0026type=vulnerabilities\nOctober 6, 2004\n\nI. BACKGROUND\n\nMaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG\u0027s\nopen source database. MaxDB is a heavy-duty, SAP-certified open source\ndatabase that offers high availability, scalability and a comprehensive\nfeature set. MaxDB complements the MySQL database server, targeted for\nlarge mySAP ERP environments and other applications that require maximum\nenterprise-level database functionality. \n\nII. \n\nThe problem specifically exists due to improper input validation of a\nuser-supplied variable in the IsAscii7() function. \n\n wahttp:\n ToolsCommon/Tools_DynamicUTF8String.hpp:249:\n Tools_DynamicUTF8String::Tools_DynamicUTF8String(const SAPDB_Char *)\n Assertion `IsAscii7(src)\u0027 failed. \n\n Program received signal SIGABRT, Aborted. \n [Switching to Thread 10251 (LWP 12706)]\n 0x40429781 in kill () from /lib/libc.so.6\n\nIII. \n\nIV. DETECTION\n\niDEFENSE has confirmed that SAP DB version 7.5 for both Linux and\nWindows is vulnerable. \n\nV. WORKAROUND\n\nUse of an ingress perimeter firewall filter can help detect and mitigate\nthe risk of attack. \n\nVI. VENDOR RESPONSE\n\n\"A solution for the issue is available with MaxDB 7.5.00.18.\"\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nnames CAN-2004-0931 to these issues. This is a candidate for inclusion\nin the CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n08/16/2004 Initial vendor notification\n08/16/2004 iDEFENSE clients notified\n08/19/2004 Initial vendor response\n10/06/2004 Coordinated public disclosure\n\nIX. CREDIT\n\nPatrik Karlsson (cqure.net) is credited with this discovery. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nX. LEGAL NOTICES\n\nCopyright (c) 2004 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.netsys.com/full-disclosure-charter.html\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0931"
},
{
"db": "BID",
"id": "11346"
},
{
"db": "PACKETSTORM",
"id": "34608"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-0931",
"trust": 2.0
},
{
"db": "BID",
"id": "11346",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "12756",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "10532",
"trust": 1.6
},
{
"db": "IDEFENSE",
"id": "20041006 MYSQL MAXDB WEB AGENT WEBDBMSERVER NAME DENIAL OF SERVICE VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "7",
"trust": 0.6
},
{
"db": "XF",
"id": "17633",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "34608",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "11346"
},
{
"db": "PACKETSTORM",
"id": "34608"
},
{
"db": "NVD",
"id": "CVE-2004-0931"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
]
},
"id": "VAR-200412-1126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1359447
},
"last_update_date": "2023-12-18T11:20:40.817000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0931"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.idefense.com/application/poi/display?id=150\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/10532"
},
{
"trust": 1.6,
"url": "http://www.secunia.com/advisories/12756"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/11346"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17633"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/17633"
},
{
"trust": 0.4,
"url": "http://www.idefense.com/application/poi/display?id=150\u0026type=vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.mysql.com/products/maxdb/"
},
{
"trust": 0.1,
"url": "http://lists.netsys.com/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/poi/teams/vcp.jsp"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0931"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
}
],
"sources": [
{
"db": "BID",
"id": "11346"
},
{
"db": "PACKETSTORM",
"id": "34608"
},
{
"db": "NVD",
"id": "CVE-2004-0931"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "11346"
},
{
"db": "PACKETSTORM",
"id": "34608"
},
{
"db": "NVD",
"id": "CVE-2004-0931"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-10-07T00:00:00",
"db": "BID",
"id": "11346"
},
{
"date": "2004-10-13T05:40:14",
"db": "PACKETSTORM",
"id": "34608"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-0931"
},
{
"date": "2004-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-07-12T07:06:00",
"db": "BID",
"id": "11346"
},
{
"date": "2017-07-11T01:30:35.307000",
"db": "NVD",
"id": "CVE-2004-0931"
},
{
"date": "2006-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "34608"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MySQL MaxDB WebDBM Server Name Service Rejection Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-644"
}
],
"trust": 0.6
}
}
VAR-201410-0825
Vulnerability from variot - Updated: 2023-12-18 11:05Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500. This vulnerability CVE-2014-6500 Is a different vulnerability.Information is obtained by a third party, information is altered, and service operation is interrupted. (DoS) An attack may be carried out. The vulnerability can be exploited over the 'MySQL Protocol' protocol. The 'SERVER:SSL:yaSSL' sub component is affected. This vulnerability affects the following supported versions: 5.5.39 and earlier, 5.6.20 and earlier. The database system has the characteristics of high performance, low cost and good reliability. ============================================================================ Ubuntu Security Notice USN-2384-1 October 15, 2014
mysql-5.5 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in MySQL.
Software Description: - mysql-5.5: MySQL database
Details:
Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.40.
Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: mysql-server-5.5 5.5.40-0ubuntu0.14.04.1
Ubuntu 12.04 LTS: mysql-server-5.5 5.5.40-0ubuntu0.12.04.1
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2384-1 CVE-2012-5615, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6478, CVE-2014-6484, CVE-2014-6491, CVE-2014-6494, CVE-2014-6495, CVE-2014-6496, CVE-2014-6500, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559
Package Information: https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.40-0ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.40-0ubuntu0.12.04.1 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] mariadb (SSA:2014-307-01)
New mariadb packages are available for Slackware 14.1 and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/mariadb-5.5.40-i486-1_slack14.1.txz: Upgraded. This update contains security fixes and improvements. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.40-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.40-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-5.5.40-i486-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-5.5.40-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.1 package: da0aff5bebbbdc0621359c0fea027ae6 mariadb-5.5.40-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: dbb7d695a22ae538b5ad9c024823b190 mariadb-5.5.40-x86_64-1_slack14.1.txz
Slackware -current package: f9ca4cf6015ddbb73dfba16c535caffc ap/mariadb-5.5.40-i486-1.txz
Slackware x86_64 -current package: 6924f64b6c147556a58a2c6f1929ab5e ap/mariadb-5.5.40-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg mariadb-5.5.40-i486-1_slack14.1.txz
Then, restart the database server:
sh /etc/rc.d/rc.mysqld restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iEYEARECAAYFAlRYJz0ACgkQakRjwEAQIjPqygCeN1AAAJQbjyTDPKmJlNj5+1Qw 3IkAn3kpZO670aM3MoWqkCEfyHX4gXXu =11Km -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201411-02
http://security.gentoo.org/
Severity: Normal Title: MySQL, MariaDB: Multiple vulnerabilities Date: November 05, 2014 Bugs: #525504 ID: 201411-02
Synopsis
Multiple vulnerabilities have been found in the MySQL and MariaDB, possibly allowing attackers to cause unspecified impact.
Background
MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-db/mysql < 5.5.40 >= 5.5.40 2 dev-db/mariadb < 5.5.40-r1 >= 5.5.40-r1 ------------------------------------------------------------------- 2 affected packages
Description
Multiple unspecified vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code, Denial of Service, or disclosure of sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All MySQL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.5.40"
All MariaDB users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/mariadb-5.5.40-r1"
References
[ 1 ] CVE-2014-6464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6464 [ 2 ] CVE-2014-6469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6469 [ 3 ] CVE-2014-6491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6491 [ 4 ] CVE-2014-6494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6494 [ 5 ] CVE-2014-6496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6496 [ 6 ] CVE-2014-6500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6500 [ 7 ] CVE-2014-6507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6507 [ 8 ] CVE-2014-6555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6555 [ 9 ] CVE-2014-6559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6559
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201411-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
For the stable distribution (wheezy), these problems have been fixed in version 5.5.40-0+wheezy1.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your mysql-5.5 packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-0825",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mysql",
"scope": "lte",
"trust": 1.8,
"vendor": "oracle",
"version": "5.5.39"
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.8,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.5.0"
},
{
"model": "mariadb",
"scope": "gte",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.0.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.0"
},
{
"model": "mariadb",
"scope": "lt",
"trust": 1.0,
"vendor": "mariadb",
"version": "5.5.40"
},
{
"model": "mariadb",
"scope": "lt",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.0.15"
},
{
"model": "mariadb",
"scope": "gte",
"trust": 1.0,
"vendor": "mariadb",
"version": "5.5.0"
},
{
"model": "junos space",
"scope": "lte",
"trust": 1.0,
"vendor": "juniper",
"version": "15.1"
},
{
"model": "mysql",
"scope": "lte",
"trust": 0.8,
"vendor": "mysql ab",
"version": "5.5.9"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "5.5.34"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "5.5.37"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "5.5.32"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "5.5.38"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "5.5.39"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "5.5.31"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "5.5.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "5.5.33"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.6,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "ab mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "mysql",
"version": "5.5"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "70444"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004810"
},
{
"db": "NVD",
"id": "CVE-2014-6491"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-399"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.5.39",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.6.20",
"versionStartIncluding": "5.6.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.15",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5.40",
"versionStartIncluding": "5.5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-6491"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "70444"
}
],
"trust": 0.3
},
"cve": "CVE-2014-6491",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-6491",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-74435",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-6491",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-399",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-74435",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-6491",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-74435"
},
{
"db": "VULMON",
"id": "CVE-2014-6491"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004810"
},
{
"db": "NVD",
"id": "CVE-2014-6491"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-399"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500. This vulnerability CVE-2014-6500 Is a different vulnerability.Information is obtained by a third party, information is altered, and service operation is interrupted. (DoS) An attack may be carried out. \nThe vulnerability can be exploited over the \u0027MySQL Protocol\u0027 protocol. The \u0027SERVER:SSL:yaSSL\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n5.5.39 and earlier, 5.6.20 and earlier. The database system has the characteristics of high performance, low cost and good reliability. ============================================================================\nUbuntu Security Notice USN-2384-1\nOctober 15, 2014\n\nmysql-5.5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in MySQL. \n\nSoftware Description:\n- mysql-5.5: MySQL database\n\nDetails:\n\nMultiple security issues were discovered in MySQL and this update includes\na new upstream MySQL version to fix these issues. MySQL has been updated to\n5.5.40. \n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n mysql-server-5.5 5.5.40-0ubuntu0.14.04.1\n\nUbuntu 12.04 LTS:\n mysql-server-5.5 5.5.40-0ubuntu0.12.04.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2384-1\n CVE-2012-5615, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463,\n CVE-2014-6464, CVE-2014-6469, CVE-2014-6478, CVE-2014-6484,\n CVE-2014-6491, CVE-2014-6494, CVE-2014-6495, CVE-2014-6496,\n CVE-2014-6500, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520,\n CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.40-0ubuntu0.14.04.1\n https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.40-0ubuntu0.12.04.1\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] mariadb (SSA:2014-307-01)\n\nNew mariadb packages are available for Slackware 14.1 and -current to\nfix security issues. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/mariadb-5.5.40-i486-1_slack14.1.txz: Upgraded. \n This update contains security fixes and improvements. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.40-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.40-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-5.5.40-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-5.5.40-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.1 package:\nda0aff5bebbbdc0621359c0fea027ae6 mariadb-5.5.40-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ndbb7d695a22ae538b5ad9c024823b190 mariadb-5.5.40-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nf9ca4cf6015ddbb73dfba16c535caffc ap/mariadb-5.5.40-i486-1.txz\n\nSlackware x86_64 -current package:\n6924f64b6c147556a58a2c6f1929ab5e ap/mariadb-5.5.40-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg mariadb-5.5.40-i486-1_slack14.1.txz\n\nThen, restart the database server:\n# sh /etc/rc.d/rc.mysqld restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niEYEARECAAYFAlRYJz0ACgkQakRjwEAQIjPqygCeN1AAAJQbjyTDPKmJlNj5+1Qw\n3IkAn3kpZO670aM3MoWqkCEfyHX4gXXu\n=11Km\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201411-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: MySQL, MariaDB: Multiple vulnerabilities\n Date: November 05, 2014\n Bugs: #525504\n ID: 201411-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the MySQL and MariaDB,\npossibly allowing attackers to cause unspecified impact. \n\nBackground\n==========\n\nMySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an\nenhanced, drop-in replacement for MySQL. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-db/mysql \u003c 5.5.40 \u003e= 5.5.40\n 2 dev-db/mariadb \u003c 5.5.40-r1 \u003e= 5.5.40-r1\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple unspecified vulnerabilities have been discovered in MySQL. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could exploit these vulnerabilities to cause\nunspecified impact, possibly including remote execution of arbitrary\ncode, Denial of Service, or disclosure of sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll MySQL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-db/mysql-5.5.40\"\n\nAll MariaDB users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-db/mariadb-5.5.40-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-6464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6464\n[ 2 ] CVE-2014-6469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6469\n[ 3 ] CVE-2014-6491\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6491\n[ 4 ] CVE-2014-6494\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6494\n[ 5 ] CVE-2014-6496\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6496\n[ 6 ] CVE-2014-6500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6500\n[ 7 ] CVE-2014-6507\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6507\n[ 8 ] CVE-2014-6555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6555\n[ 9 ] CVE-2014-6559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6559\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201411-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Please see the MySQL 5.5 Release Notes and Oracle\u0027s\nCritical Patch Update advisory for further details:\n\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html\n https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html\n http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.40-0+wheezy1. \n\nFor the unstable distribution (sid), these problems will be fixed soon. \n\nWe recommend that you upgrade your mysql-5.5 packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-6491"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004810"
},
{
"db": "BID",
"id": "70444"
},
{
"db": "VULHUB",
"id": "VHN-74435"
},
{
"db": "VULMON",
"id": "CVE-2014-6491"
},
{
"db": "PACKETSTORM",
"id": "128698"
},
{
"db": "PACKETSTORM",
"id": "128950"
},
{
"db": "PACKETSTORM",
"id": "128990"
},
{
"db": "PACKETSTORM",
"id": "128759"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-6491",
"trust": 3.3
},
{
"db": "BID",
"id": "70444",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "61579",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "62073",
"trust": 1.8
},
{
"db": "JUNIPER",
"id": "JSA10698",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004810",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-399",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-74435",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-6491",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128698",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128950",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128990",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128759",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-74435"
},
{
"db": "VULMON",
"id": "CVE-2014-6491"
},
{
"db": "BID",
"id": "70444"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004810"
},
{
"db": "PACKETSTORM",
"id": "128698"
},
{
"db": "PACKETSTORM",
"id": "128950"
},
{
"db": "PACKETSTORM",
"id": "128990"
},
{
"db": "PACKETSTORM",
"id": "128759"
},
{
"db": "NVD",
"id": "CVE-2014-6491"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-399"
}
]
},
"id": "VAR-201410-0825",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-74435"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:05:30.410000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"title": "Oracle Solaris Third Party Bulletin - October 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"title": "October 2014 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2014_critical_patch_update"
},
{
"title": "JSA10698",
"trust": 0.8,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10698\u0026actp=search"
},
{
"title": "Oracle MySQL Server Fixes for code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=198607"
},
{
"title": "Red Hat: CVE-2014-6491",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-6491"
},
{
"title": "Amazon Linux AMI: ALAS-2014-428",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-428"
},
{
"title": "Debian CVElist Bug Report Logs: cyassl: CVE-2014-2901 CVE-2014-2902 CVE-2014-2903 CVE-2014-2904 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11d6fda56ad8f0f5aff8f1a4088693e7"
},
{
"title": "Ubuntu Security Notice: mysql-5.5 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2384-1"
},
{
"title": "Debian Security Advisories: DSA-3054-1 mysql-5.5 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=dc9d1bd54965b02ce0b328f02c7c1489"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=92308e3c4d305e91c2eba8c9c6835e83"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/iknowmyname/nmap-scans-m2 "
},
{
"title": "cveScannerV2",
"trust": 0.1,
"url": "https://github.com/retr0-13/cvescannerv2 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/scmanjarrez/testrepository "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-6491"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004810"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-399"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-6491"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"trust": 1.9,
"url": "http://security.gentoo.org/glsa/glsa-201411-02.xml"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/70444"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/61579"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/62073"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
},
{
"trust": 1.7,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10698"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6491"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6491"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6469"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6491"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6500"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6555"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6496"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6464"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6507"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6559"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6494"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6463"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6478"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6495"
},
{
"trust": 0.2,
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6551"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6484"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4274"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6505"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6520"
},
{
"trust": 0.2,
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6530"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5615"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10698"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-6491"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2384-1/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36083"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.40-0ubuntu0.14.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/mysql-5.5/5.5.40-0ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2384-1"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6555"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6496"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6507"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6500"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6469"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6559"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6494"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6464"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6559"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6507"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6500"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6464"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6494"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6491"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6469"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6496"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-74435"
},
{
"db": "VULMON",
"id": "CVE-2014-6491"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004810"
},
{
"db": "PACKETSTORM",
"id": "128698"
},
{
"db": "PACKETSTORM",
"id": "128950"
},
{
"db": "PACKETSTORM",
"id": "128990"
},
{
"db": "PACKETSTORM",
"id": "128759"
},
{
"db": "NVD",
"id": "CVE-2014-6491"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-399"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-74435"
},
{
"db": "VULMON",
"id": "CVE-2014-6491"
},
{
"db": "BID",
"id": "70444"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004810"
},
{
"db": "PACKETSTORM",
"id": "128698"
},
{
"db": "PACKETSTORM",
"id": "128950"
},
{
"db": "PACKETSTORM",
"id": "128990"
},
{
"db": "PACKETSTORM",
"id": "128759"
},
{
"db": "NVD",
"id": "CVE-2014-6491"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-399"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-74435"
},
{
"date": "2014-10-15T00:00:00",
"db": "VULMON",
"id": "CVE-2014-6491"
},
{
"date": "2014-10-14T00:00:00",
"db": "BID",
"id": "70444"
},
{
"date": "2014-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004810"
},
{
"date": "2014-10-15T23:08:56",
"db": "PACKETSTORM",
"id": "128698"
},
{
"date": "2014-11-04T18:10:24",
"db": "PACKETSTORM",
"id": "128950"
},
{
"date": "2014-11-06T17:09:34",
"db": "PACKETSTORM",
"id": "128990"
},
{
"date": "2014-10-21T00:40:52",
"db": "PACKETSTORM",
"id": "128759"
},
{
"date": "2014-10-15T22:55:05.840000",
"db": "NVD",
"id": "CVE-2014-6491"
},
{
"date": "2014-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-399"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-74435"
},
{
"date": "2022-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2014-6491"
},
{
"date": "2015-07-15T01:04:00",
"db": "BID",
"id": "70444"
},
{
"date": "2015-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004810"
},
{
"date": "2022-07-01T14:17:14.437000",
"db": "NVD",
"id": "CVE-2014-6491"
},
{
"date": "2022-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-399"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-399"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle MySQL of MySQL Server In SERVER:SSL:yaSSL Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004810"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "70444"
}
],
"trust": 0.3
}
}
CVE-2017-15945 (GCVE-0-2017-15945)
Vulnerability from nvd – Published: 2017-10-27 21:00 – Updated: 2024-08-05 20:13
VLAI
Summary
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugs.gentoo.org/630822 | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201711-04 | vendor-advisoryx_refsource_GENTOO |
Date Public
2017-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:13:05.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/630822"
},
{
"name": "GLSA-201711-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201711-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-11T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/630822"
},
{
"name": "GLSA-201711-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201711-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.gentoo.org/630822",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/630822"
},
{
"name": "GLSA-201711-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15945",
"datePublished": "2017-10-27T21:00:00.000Z",
"dateReserved": "2017-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:13:05.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2575 (GCVE-0-2015-2575)
Vulnerability from nvd – Published: 2015-04-16 16:00 – Updated: 2024-08-06 05:17
VLAI
Summary
Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisoryx_refsource_SUSE |
| https://security.netapp.com/advisory/ntap-2015041… | x_refsource_CONFIRM |
| http://www.debian.org/security/2016/dsa-3621 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/74075 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1032121 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2015-04-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:17:27.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2015:0967",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20150417-0003/"
},
{
"name": "DSA-3621",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3621"
},
{
"name": "74075",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74075"
},
{
"name": "1032121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:0946",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-09T10:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "openSUSE-SU-2015:0967",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20150417-0003/"
},
{
"name": "DSA-3621",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3621"
},
{
"name": "74075",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74075"
},
{
"name": "1032121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:0946",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-2575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:0967",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20150417-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20150417-0003/"
},
{
"name": "DSA-3621",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3621"
},
{
"name": "74075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74075"
},
{
"name": "1032121",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032121"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:0946",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2015-2575",
"datePublished": "2015-04-16T16:00:00.000Z",
"dateReserved": "2015-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:17:27.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1492 (GCVE-0-2013-1492)
Vulnerability from nvd – Published: 2013-03-28 23:00 – Updated: 2024-08-06 15:04
VLAI
Summary
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://dev.mysql.com/doc/relnotes/mysql/5.1/en/ne… | x_refsource_MISC |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/52445 | third-party-advisoryx_refsource_SECUNIA |
| http://dev.mysql.com/doc/relnotes/mysql/5.5/en/ne… | x_refsource_MISC |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| https://blogs.oracle.com/sunsecurity/entry/cve_20… | x_refsource_CONFIRM |
Date Public
2013-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:49.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "52445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52445"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-30.html"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-10T22:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "52445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52445"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-30.html"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-1492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html",
"refsource": "MISC",
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "52445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52445"
},
{
"name": "http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-30.html",
"refsource": "MISC",
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-30.html"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2013-1492",
"datePublished": "2013-03-28T23:00:00.000Z",
"dateReserved": "2013-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:04:49.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0553 (GCVE-0-2012-0553)
Vulnerability from nvd – Published: 2013-03-28 23:00 – Updated: 2024-08-06 18:30
VLAI
Summary
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://dev.mysql.com/doc/relnotes/mysql/5.1/en/ne… | x_refsource_MISC |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| https://blogs.oracle.com/sunsecurity/entry/cve_20… | x_refsource_CONFIRM |
| http://secunia.com/advisories/52445 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
Date Public
2013-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:30:53.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow"
},
{
"name": "52445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52445"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-10T22:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow"
},
{
"name": "52445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52445"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html",
"refsource": "MISC",
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow"
},
{
"name": "52445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52445"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2012-0553",
"datePublished": "2013-03-28T23:00:00.000Z",
"dateReserved": "2012-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:30:53.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0882 (GCVE-0-2012-0882)
Vulnerability from nvd – Published: 2012-12-21 02:00 – Updated: 2024-08-06 18:38
VLAI
Summary
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://lists.immunityinc.com/pipermail/canvas/20… | mailing-listx_refsource_MLIST |
| https://lists.immunityinc.com/pipermail/canvas/20… | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=789141 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/02/24/2 | mailing-listx_refsource_MLIST |
| https://blogs.oracle.com/sunsecurity/entry/cve_20… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Canvas] 20120223 VulnDisco MySQL 0day",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html"
},
{
"name": "[Canvas] 20120207 VulnDisco Pack Professional 9.17",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=789141"
},
{
"name": "[oss-security] 20120224 Re: MySQL 0-day - does it need a CVE?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/24/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0882buffer_overflow_vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-21T02:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Canvas] 20120223 VulnDisco MySQL 0day",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html"
},
{
"name": "[Canvas] 20120207 VulnDisco Pack Professional 9.17",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=789141"
},
{
"name": "[oss-security] 20120224 Re: MySQL 0-day - does it need a CVE?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/24/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0882buffer_overflow_vulnerability"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0882",
"datePublished": "2012-12-21T02:00:00.000Z",
"dateReserved": "2012-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:38:14.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2749 (GCVE-0-2012-2749)
Vulnerability from nvd – Published: 2012-08-17 00:00 – Updated: 2024-08-06 19:42
VLAI
Summary
MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2012-1462.html | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| http://rhn.redhat.com/errata/RHSA-2013-0180.html | vendor-advisoryx_refsource_REDHAT |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.redhat.com/show_bug.cgi?id=833737 | x_refsource_CONFIRM |
| http://secunia.com/advisories/51309 | third-party-advisoryx_refsource_SECUNIA |
| http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.securityfocus.com/bid/55120 | vdb-entryx_refsource_BID |
Date Public
2012-06-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:32.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:1462",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1462.html"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "RHSA-2013:0180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0180.html"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833737"
},
{
"name": "51309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51309"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "55120",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55120"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-10T22:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2012:1462",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1462.html"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "RHSA-2013:0180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0180.html"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833737"
},
{
"name": "51309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51309"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "55120",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55120"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:1462",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1462.html"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "RHSA-2013:0180",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0180.html"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=833737",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833737"
},
{
"name": "51309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51309"
},
{
"name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "55120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55120"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2749",
"datePublished": "2012-08-17T00:00:00.000Z",
"dateReserved": "2012-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:42:32.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2102 (GCVE-0-2012-2102)
Vulnerability from nvd – Published: 2012-08-17 00:00 – Updated: 2024-08-06 19:26
VLAI
Summary
MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://eromang.zataz.com/2012/04/10/oracle-mysql-… | x_refsource_MISC |
| http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| http://bazaar.launchpad.net/~mysql/mysql-server/5… | x_refsource_MISC |
| http://www.securityfocus.com/bid/52931 | vdb-entryx_refsource_BID |
| http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/04/13/7 | mailing-listx_refsource_MLIST |
Date Public
2012-03-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:07.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15"
},
{
"name": "52931",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52931"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html"
},
{
"name": "[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/13/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-10T22:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15"
},
{
"name": "52931",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52931"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html"
},
{
"name": "[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/13/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/",
"refsource": "MISC",
"url": "http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/"
},
{
"name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15",
"refsource": "MISC",
"url": "http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15"
},
{
"name": "52931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52931"
},
{
"name": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html"
},
{
"name": "[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/13/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2102",
"datePublished": "2012-08-17T00:00:00.000Z",
"dateReserved": "2012-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:07.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5026 (GCVE-0-2009-5026)
Vulnerability from nvd – Published: 2012-08-17 00:00 – Updated: 2024-08-07 07:24
VLAI
Summary
The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=640177 | x_refsource_CONFIRM |
| http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | x_refsource_CONFIRM |
| http://bugs.mysql.com/bug.php?id=49124 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2011/q4/101 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/49179 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2009-11-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=640177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mysql.com/bug.php?id=49124"
},
{
"name": "SUSE-SU-2012:0984",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html"
},
{
"name": "[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2011/q4/101"
},
{
"name": "49179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49179"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-13T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=640177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mysql.com/bug.php?id=49124"
},
{
"name": "SUSE-SU-2012:0984",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html"
},
{
"name": "[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2011/q4/101"
},
{
"name": "49179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49179"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-5026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=640177",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=640177"
},
{
"name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html"
},
{
"name": "http://bugs.mysql.com/bug.php?id=49124",
"refsource": "CONFIRM",
"url": "http://bugs.mysql.com/bug.php?id=49124"
},
{
"name": "SUSE-SU-2012:0984",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html"
},
{
"name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html"
},
{
"name": "[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2011/q4/101"
},
{
"name": "49179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49179"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-5026",
"datePublished": "2012-08-17T00:00:00.000Z",
"dateReserved": "2010-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:24:53.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1696 (GCVE-0-2012-1696)
Vulnerability from nvd – Published: 2012-05-03 22:00 – Updated: 2024-08-06 19:08
VLAI
Summary
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/53071 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id?1026934 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/48890 | third-party-advisoryx_refsource_SECUNIA |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://secunia.com/advisories/49179 | third-party-advisoryx_refsource_SECUNIA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2012-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:08:38.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "53071",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53071"
},
{
"name": "1026934",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026934"
},
{
"name": "48890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "49179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49179"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-06T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "53071",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53071"
},
{
"name": "1026934",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026934"
},
{
"name": "48890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "49179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49179"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-1696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "53071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53071"
},
{
"name": "1026934",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026934"
},
{
"name": "48890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48890"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "49179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49179"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2012-1696",
"datePublished": "2012-05-03T22:00:00.000Z",
"dateReserved": "2012-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:08:38.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0583 (GCVE-0-2012-0583)
Vulnerability from nvd – Published: 2012-05-03 22:00 – Updated: 2024-08-06 18:30
VLAI
Summary
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/53061 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.securitytracker.com/id?1026934 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/48890 | third-party-advisoryx_refsource_SECUNIA |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://secunia.com/advisories/49179 | third-party-advisoryx_refsource_SECUNIA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2012-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:30:52.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53061",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53061"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "1026934",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026934"
},
{
"name": "48890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "49179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49179"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-06T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "53061",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53061"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "1026934",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026934"
},
{
"name": "48890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "49179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49179"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53061"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "1026934",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026934"
},
{
"name": "48890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48890"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "49179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49179"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2012-0583",
"datePublished": "2012-05-03T22:00:00.000Z",
"dateReserved": "2012-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:30:52.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0492 (GCVE-0-2012-0492)
Vulnerability from nvd – Published: 2012-01-18 22:00 – Updated: 2024-08-06 18:23
VLAI
Summary
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-1397-1 | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/48250 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://osvdb.org/78393 | vdb-entryx_refsource_OSVDB |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/51516 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2012/dsa-2429 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2012-01-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1397-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "48250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48250"
},
{
"name": "mysql-serveruns14-dos(72537)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72537"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name": "78393",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78393"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "51516",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51516"
},
{
"name": "DSA-2429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-20T17:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "USN-1397-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "48250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48250"
},
{
"name": "mysql-serveruns14-dos(72537)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72537"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name": "78393",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78393"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "51516",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51516"
},
{
"name": "DSA-2429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1397-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "48250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48250"
},
{
"name": "mysql-serveruns14-dos(72537)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72537"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name": "78393",
"refsource": "OSVDB",
"url": "http://osvdb.org/78393"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "51516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51516"
},
{
"name": "DSA-2429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2012-0492",
"datePublished": "2012-01-18T22:00:00.000Z",
"dateReserved": "2012-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:23:30.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0490 (GCVE-0-2012-0490)
Vulnerability from nvd – Published: 2012-01-18 22:00 – Updated: 2024-08-06 18:23
VLAI
Summary
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-1397-1 | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/78388 | vdb-entryx_refsource_OSVDB |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/51524 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/48250 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687 | x_refsource_CONFIRM |
| http://www.debian.org/security/2012/dsa-2429 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2012-01-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:31.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1397-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "mysql-serveruns9-dos(72531)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72531"
},
{
"name": "78388",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78388"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "51524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51524"
},
{
"name": "48250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48250"
},
{
"name": "SUSE-SU-2012:0984",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "DSA-2429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-20T17:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "USN-1397-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "mysql-serveruns9-dos(72531)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72531"
},
{
"name": "78388",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78388"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "51524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51524"
},
{
"name": "48250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48250"
},
{
"name": "SUSE-SU-2012:0984",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "DSA-2429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1397-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "mysql-serveruns9-dos(72531)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72531"
},
{
"name": "78388",
"refsource": "OSVDB",
"url": "http://osvdb.org/78388"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "51524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51524"
},
{
"name": "48250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48250"
},
{
"name": "SUSE-SU-2012:0984",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "DSA-2429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2012-0490",
"datePublished": "2012-01-18T22:00:00.000Z",
"dateReserved": "2012-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:23:31.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0485 (GCVE-0-2012-0485)
Vulnerability from nvd – Published: 2012-01-18 22:00 – Updated: 2024-08-06 18:23
VLAI
Summary
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://osvdb.org/78383 | vdb-entryx_refsource_OSVDB |
| http://www.ubuntu.com/usn/USN-1397-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/51513 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/48250 | third-party-advisoryx_refsource_SECUNIA |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687 | x_refsource_CONFIRM |
| http://www.debian.org/security/2012/dsa-2429 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2012-01-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "78383",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78383"
},
{
"name": "USN-1397-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "51513",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51513"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "48250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48250"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name": "mysql-serveruns4-dos(72526)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72526"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "DSA-2429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-20T17:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "78383",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78383"
},
{
"name": "USN-1397-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "51513",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51513"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "48250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48250"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name": "mysql-serveruns4-dos(72526)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72526"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "DSA-2429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "78383",
"refsource": "OSVDB",
"url": "http://osvdb.org/78383"
},
{
"name": "USN-1397-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "51513",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51513"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "48250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48250"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name": "mysql-serveruns4-dos(72526)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72526"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "DSA-2429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2012-0485",
"datePublished": "2012-01-18T22:00:00.000Z",
"dateReserved": "2012-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:23:30.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0484 (GCVE-0-2012-0484)
Vulnerability from nvd – Published: 2012-01-18 22:00 – Updated: 2024-08-06 18:23
VLAI
Summary
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-1397-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/51515 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/48250 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/78372 | vdb-entryx_refsource_OSVDB |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.debian.org/security/2012/dsa-2429 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2012-01-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:31.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1397-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "51515",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51515"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "48250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48250"
},
{
"name": "78372",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78372"
},
{
"name": "SUSE-SU-2012:0984",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "mysql-server-info-disc(72525)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72525"
},
{
"name": "DSA-2429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-20T17:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "USN-1397-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "51515",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51515"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "48250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48250"
},
{
"name": "78372",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78372"
},
{
"name": "SUSE-SU-2012:0984",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "mysql-server-info-disc(72525)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72525"
},
{
"name": "DSA-2429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1397-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "51515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51515"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "48250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48250"
},
{
"name": "78372",
"refsource": "OSVDB",
"url": "http://osvdb.org/78372"
},
{
"name": "SUSE-SU-2012:0984",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "mysql-server-info-disc(72525)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72525"
},
{
"name": "DSA-2429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2012-0484",
"datePublished": "2012-01-18T22:00:00.000Z",
"dateReserved": "2012-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:23:31.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0120 (GCVE-0-2012-0120)
Vulnerability from nvd – Published: 2012-01-18 22:00 – Updated: 2024-08-06 18:16
VLAI
Summary
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-1397-1 | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/48250 | third-party-advisoryx_refsource_SECUNIA |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687 | x_refsource_CONFIRM |
| http://www.debian.org/security/2012/dsa-2429 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2012-01-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:18.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1397-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "48250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48250"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "DSA-2429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-20T17:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "USN-1397-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "48250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48250"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "DSA-2429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1397-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "48250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48250"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "DSA-2429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2012-0120",
"datePublished": "2012-01-18T22:00:00.000Z",
"dateReserved": "2011-12-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:16:18.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0119 (GCVE-0-2012-0119)
Vulnerability from nvd – Published: 2012-01-18 22:00 – Updated: 2024-08-06 18:16
VLAI
Summary
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-1397-1 | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/48250 | third-party-advisoryx_refsource_SECUNIA |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687 | x_refsource_CONFIRM |
| http://www.debian.org/security/2012/dsa-2429 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2012-01-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:18.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1397-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "48250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48250"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "DSA-2429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-20T17:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "USN-1397-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "48250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48250"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "DSA-2429",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1397-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "48250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48250"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "DSA-2429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2012-0119",
"datePublished": "2012-01-18T22:00:00.000Z",
"dateReserved": "2011-12-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:16:18.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15945 (GCVE-0-2017-15945)
Vulnerability from cvelistv5 – Published: 2017-10-27 21:00 – Updated: 2024-08-05 20:13
VLAI
Summary
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugs.gentoo.org/630822 | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201711-04 | vendor-advisoryx_refsource_GENTOO |
Date Public
2017-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:13:05.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/630822"
},
{
"name": "GLSA-201711-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201711-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-11T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/630822"
},
{
"name": "GLSA-201711-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201711-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.gentoo.org/630822",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/630822"
},
{
"name": "GLSA-201711-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15945",
"datePublished": "2017-10-27T21:00:00.000Z",
"dateReserved": "2017-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:13:05.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2575 (GCVE-0-2015-2575)
Vulnerability from cvelistv5 – Published: 2015-04-16 16:00 – Updated: 2024-08-06 05:17
VLAI
Summary
Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisoryx_refsource_SUSE |
| https://security.netapp.com/advisory/ntap-2015041… | x_refsource_CONFIRM |
| http://www.debian.org/security/2016/dsa-3621 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/74075 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1032121 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2015-04-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:17:27.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2015:0967",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20150417-0003/"
},
{
"name": "DSA-3621",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3621"
},
{
"name": "74075",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74075"
},
{
"name": "1032121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:0946",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-09T10:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "openSUSE-SU-2015:0967",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20150417-0003/"
},
{
"name": "DSA-3621",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3621"
},
{
"name": "74075",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74075"
},
{
"name": "1032121",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:0946",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-2575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:0967",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20150417-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20150417-0003/"
},
{
"name": "DSA-3621",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3621"
},
{
"name": "74075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74075"
},
{
"name": "1032121",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032121"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:0946",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2015-2575",
"datePublished": "2015-04-16T16:00:00.000Z",
"dateReserved": "2015-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:17:27.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1492 (GCVE-0-2013-1492)
Vulnerability from cvelistv5 – Published: 2013-03-28 23:00 – Updated: 2024-08-06 15:04
VLAI
Summary
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://dev.mysql.com/doc/relnotes/mysql/5.1/en/ne… | x_refsource_MISC |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/52445 | third-party-advisoryx_refsource_SECUNIA |
| http://dev.mysql.com/doc/relnotes/mysql/5.5/en/ne… | x_refsource_MISC |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| https://blogs.oracle.com/sunsecurity/entry/cve_20… | x_refsource_CONFIRM |
Date Public
2013-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:49.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "52445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52445"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-30.html"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-10T22:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "52445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52445"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-30.html"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-1492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html",
"refsource": "MISC",
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "52445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52445"
},
{
"name": "http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-30.html",
"refsource": "MISC",
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-30.html"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2013-1492",
"datePublished": "2013-03-28T23:00:00.000Z",
"dateReserved": "2013-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:04:49.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0553 (GCVE-0-2012-0553)
Vulnerability from cvelistv5 – Published: 2013-03-28 23:00 – Updated: 2024-08-06 18:30
VLAI
Summary
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://dev.mysql.com/doc/relnotes/mysql/5.1/en/ne… | x_refsource_MISC |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| https://blogs.oracle.com/sunsecurity/entry/cve_20… | x_refsource_CONFIRM |
| http://secunia.com/advisories/52445 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
Date Public
2013-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:30:53.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow"
},
{
"name": "52445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52445"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-10T22:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow"
},
{
"name": "52445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52445"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html",
"refsource": "MISC",
"url": "http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow"
},
{
"name": "52445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52445"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2012-0553",
"datePublished": "2013-03-28T23:00:00.000Z",
"dateReserved": "2012-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:30:53.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0882 (GCVE-0-2012-0882)
Vulnerability from cvelistv5 – Published: 2012-12-21 02:00 – Updated: 2024-08-06 18:38
VLAI
Summary
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://lists.immunityinc.com/pipermail/canvas/20… | mailing-listx_refsource_MLIST |
| https://lists.immunityinc.com/pipermail/canvas/20… | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=789141 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/02/24/2 | mailing-listx_refsource_MLIST |
| https://blogs.oracle.com/sunsecurity/entry/cve_20… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Canvas] 20120223 VulnDisco MySQL 0day",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html"
},
{
"name": "[Canvas] 20120207 VulnDisco Pack Professional 9.17",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=789141"
},
{
"name": "[oss-security] 20120224 Re: MySQL 0-day - does it need a CVE?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/24/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0882buffer_overflow_vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-21T02:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Canvas] 20120223 VulnDisco MySQL 0day",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.immunityinc.com/pipermail/canvas/2012-February/000014.html"
},
{
"name": "[Canvas] 20120207 VulnDisco Pack Professional 9.17",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=789141"
},
{
"name": "[oss-security] 20120224 Re: MySQL 0-day - does it need a CVE?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/24/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0882buffer_overflow_vulnerability"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0882",
"datePublished": "2012-12-21T02:00:00.000Z",
"dateReserved": "2012-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:38:14.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2749 (GCVE-0-2012-2749)
Vulnerability from cvelistv5 – Published: 2012-08-17 00:00 – Updated: 2024-08-06 19:42
VLAI
Summary
MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2012-1462.html | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| http://rhn.redhat.com/errata/RHSA-2013-0180.html | vendor-advisoryx_refsource_REDHAT |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.redhat.com/show_bug.cgi?id=833737 | x_refsource_CONFIRM |
| http://secunia.com/advisories/51309 | third-party-advisoryx_refsource_SECUNIA |
| http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.securityfocus.com/bid/55120 | vdb-entryx_refsource_BID |
Date Public
2012-06-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:32.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:1462",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1462.html"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "RHSA-2013:0180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0180.html"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833737"
},
{
"name": "51309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51309"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "55120",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55120"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-10T22:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2012:1462",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1462.html"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "RHSA-2013:0180",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0180.html"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833737"
},
{
"name": "51309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51309"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "55120",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55120"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:1462",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1462.html"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "RHSA-2013:0180",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0180.html"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=833737",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833737"
},
{
"name": "51309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51309"
},
{
"name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "55120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55120"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2749",
"datePublished": "2012-08-17T00:00:00.000Z",
"dateReserved": "2012-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:42:32.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5026 (GCVE-0-2009-5026)
Vulnerability from cvelistv5 – Published: 2012-08-17 00:00 – Updated: 2024-08-07 07:24
VLAI
Summary
The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=640177 | x_refsource_CONFIRM |
| http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | x_refsource_CONFIRM |
| http://bugs.mysql.com/bug.php?id=49124 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2011/q4/101 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/49179 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2009-11-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=640177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mysql.com/bug.php?id=49124"
},
{
"name": "SUSE-SU-2012:0984",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html"
},
{
"name": "[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2011/q4/101"
},
{
"name": "49179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49179"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-13T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=640177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mysql.com/bug.php?id=49124"
},
{
"name": "SUSE-SU-2012:0984",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html"
},
{
"name": "[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2011/q4/101"
},
{
"name": "49179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49179"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-5026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=640177",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=640177"
},
{
"name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html"
},
{
"name": "http://bugs.mysql.com/bug.php?id=49124",
"refsource": "CONFIRM",
"url": "http://bugs.mysql.com/bug.php?id=49124"
},
{
"name": "SUSE-SU-2012:0984",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html"
},
{
"name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html"
},
{
"name": "[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2011/q4/101"
},
{
"name": "49179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49179"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-5026",
"datePublished": "2012-08-17T00:00:00.000Z",
"dateReserved": "2010-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:24:53.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2102 (GCVE-0-2012-2102)
Vulnerability from cvelistv5 – Published: 2012-08-17 00:00 – Updated: 2024-08-06 19:26
VLAI
Summary
MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://eromang.zataz.com/2012/04/10/oracle-mysql-… | x_refsource_MISC |
| http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| http://bazaar.launchpad.net/~mysql/mysql-server/5… | x_refsource_MISC |
| http://www.securityfocus.com/bid/52931 | vdb-entryx_refsource_BID |
| http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/04/13/7 | mailing-listx_refsource_MLIST |
Date Public
2012-03-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:07.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15"
},
{
"name": "52931",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52931"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html"
},
{
"name": "[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/13/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-10T22:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15"
},
{
"name": "52931",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52931"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html"
},
{
"name": "[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/13/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/",
"refsource": "MISC",
"url": "http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/"
},
{
"name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15",
"refsource": "MISC",
"url": "http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15"
},
{
"name": "52931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52931"
},
{
"name": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html"
},
{
"name": "[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/13/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2102",
"datePublished": "2012-08-17T00:00:00.000Z",
"dateReserved": "2012-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:07.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0583 (GCVE-0-2012-0583)
Vulnerability from cvelistv5 – Published: 2012-05-03 22:00 – Updated: 2024-08-06 18:30
VLAI
Summary
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/53061 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.securitytracker.com/id?1026934 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/48890 | third-party-advisoryx_refsource_SECUNIA |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://secunia.com/advisories/49179 | third-party-advisoryx_refsource_SECUNIA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2012-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:30:52.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53061",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53061"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "1026934",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026934"
},
{
"name": "48890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "49179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49179"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-06T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "53061",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53061"
},
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "1026934",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026934"
},
{
"name": "48890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "49179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49179"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53061"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "1026934",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026934"
},
{
"name": "48890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48890"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "49179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49179"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2012-0583",
"datePublished": "2012-05-03T22:00:00.000Z",
"dateReserved": "2012-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:30:52.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1696 (GCVE-0-2012-1696)
Vulnerability from cvelistv5 – Published: 2012-05-03 22:00 – Updated: 2024-08-06 19:08
VLAI
Summary
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/53372 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-201308-06.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/53071 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id?1026934 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/48890 | third-party-advisoryx_refsource_SECUNIA |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://secunia.com/advisories/49179 | third-party-advisoryx_refsource_SECUNIA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2012-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:08:38.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "53071",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53071"
},
{
"name": "1026934",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026934"
},
{
"name": "48890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "49179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49179"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-06T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "53372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "53071",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53071"
},
{
"name": "1026934",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026934"
},
{
"name": "48890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "49179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49179"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-1696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "53071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53071"
},
{
"name": "1026934",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026934"
},
{
"name": "48890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48890"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "49179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49179"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2012-1696",
"datePublished": "2012-05-03T22:00:00.000Z",
"dateReserved": "2012-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:08:38.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}