Summary
| Detail | |||
|---|---|---|---|
| Vendor | Oracle | First view | 1998-12-27 |
| Product | Mysql | Last view | 2024-10-15 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2024-10-15 | CVE-2024-21272 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). |
| 6.5 | 2024-10-15 | CVE-2024-21262 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). |
| 0 | 2024-10-15 | CVE-2024-21247 | Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data as well as unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). |
| 2.2 | 2024-10-15 | CVE-2024-21244 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N). |
| 2.2 | 2024-10-15 | CVE-2024-21243 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N). |
| 4.9 | 2024-10-15 | CVE-2024-21241 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 4.9 | 2024-10-15 | CVE-2024-21239 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 5.3 | 2024-10-15 | CVE-2024-21238 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). |
| 2.2 | 2024-10-15 | CVE-2024-21237 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). |
| 4.9 | 2024-10-15 | CVE-2024-21236 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 0 | 2024-10-15 | CVE-2024-21232 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). |
| 0 | 2024-10-15 | CVE-2024-21231 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L). |
| 0 | 2024-10-15 | CVE-2024-21230 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
| 4.9 | 2024-10-15 | CVE-2024-21219 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 0 | 2024-10-15 | CVE-2024-21218 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 4.2 | 2024-10-15 | CVE-2024-21213 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H). |
| 4.4 | 2024-10-15 | CVE-2024-21212 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Health Monitor). Supported versions that are affected are 8.0.39 and prior and 8.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 0 | 2024-10-15 | CVE-2024-21209 | Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N). |
| 0 | 2024-10-15 | CVE-2024-21207 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38 and prior, 8.4.1 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 0 | 2024-10-15 | CVE-2024-21204 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 4.9 | 2024-10-15 | CVE-2024-21203 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 4.9 | 2024-10-15 | CVE-2024-21201 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 0 | 2024-10-15 | CVE-2024-21200 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 4.9 | 2024-10-15 | CVE-2024-21199 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 4.9 | 2024-10-15 | CVE-2024-21198 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 12% (10) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 8% (7) | CWE-399 | Resource Management Errors |
| 8% (7) | CWE-264 | Permissions, Privileges, and Access Controls |
| 7% (6) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 7% (6) | CWE-20 | Improper Input Validation |
| 4% (4) | CWE-200 | Information Exposure |
| 3% (3) | CWE-787 | Out-of-bounds Write |
| 3% (3) | CWE-476 | NULL Pointer Dereference |
| 3% (3) | CWE-416 | Use After Free |
| 3% (3) | CWE-134 | Uncontrolled Format String |
| 2% (2) | CWE-284 | Access Control (Authorization) Issues |
| 2% (2) | CWE-190 | Integer Overflow or Wraparound |
| 2% (2) | CWE-189 | Numeric Errors |
| 2% (2) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 1% (1) | CWE-665 | Improper Initialization |
| 1% (1) | CWE-522 | Insufficiently Protected Credentials |
| 1% (1) | CWE-502 | Deserialization of Untrusted Data |
| 1% (1) | CWE-494 | Download of Code Without Integrity Check |
| 1% (1) | CWE-369 | Divide By Zero |
| 1% (1) | CWE-362 | Race Condition |
| 1% (1) | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| 1% (1) | CWE-319 | Cleartext Transmission of Sensitive Information |
| 1% (1) | CWE-310 | Cryptographic Issues |
| 1% (1) | CWE-295 | Certificate Issues |
| 1% (1) | CWE-287 | Improper Authentication |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
| CAPEC-15 | Command Delimiters |
| CAPEC-17 | Accessing, Modifying or Executing Executable Files |
| CAPEC-60 | Reusing Session IDs (aka Session Replay) |
| CAPEC-61 | Session Fixation |
| CAPEC-62 | Cross Site Request Forgery (aka Session Riding) |
| CAPEC-122 | Exploitation of Authorization |
| CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels |
| CAPEC-232 | Exploitation of Privilege/Trust |
| CAPEC-234 | Hijacking a privileged process |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:436 | MYSQLd Double-free Vulnerability |
| oval:org.mitre.oval:def:442 | MYSQL Privilege Escalation Vulnerability via INFO OUTFILE Select |
| oval:org.mitre.oval:def:11557 | mysqlbug in MySQL allows local users to overwrite arbitrary files via a symli... |
| oval:org.mitre.oval:def:10559 | The mysqld_multi script in MySQL allows local users to overwrite arbitrary fi... |
| oval:org.mitre.oval:def:10693 | The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp metho... |
| oval:org.mitre.oval:def:10479 | MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated... |
| oval:org.mitre.oval:def:10180 | MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated... |
| oval:org.mitre.oval:def:9591 | MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names... |
| oval:org.mitre.oval:def:9504 | mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the... |
| oval:org.mitre.oval:def:9915 | MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via ... |
| oval:org.mitre.oval:def:9918 | The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.... |
| oval:org.mitre.oval:def:11036 | sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to... |
| oval:org.mitre.oval:def:10312 | SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0... |
| oval:org.mitre.oval:def:9516 | mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.... |
| oval:org.mitre.oval:def:9827 | Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and ... |
| oval:org.mitre.oval:def:10468 | MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a... |
| oval:org.mitre.oval:def:10729 | MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on ca... |
| oval:org.mitre.oval:def:10105 | MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routine... |
| oval:org.mitre.oval:def:10686 | MySQL before 4.1.13 allows local users to cause a denial of service (persiste... |
| oval:org.mitre.oval:def:9530 | MySQL 5.x before 5.0.36 allows local users to cause a denial of service (data... |
| oval:org.mitre.oval:def:9930 | The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5... |
| oval:org.mitre.oval:def:9559 | MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not re... |
| oval:org.mitre.oval:def:9166 | The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.... |
| oval:org.mitre.oval:def:20366 | DSA-1413-1 mysql - multiple |
| oval:org.mitre.oval:def:11390 | The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB en... |
SAINT Exploits
| Description | Link |
|---|---|
| MySQL FILE privilege elevation | More info here |
| MySQL yaSSL SSL Hello message buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 78394 | Oracle MySQL Server Unspecified Remote DoS (2012-0493) |
| 78393 | Oracle MySQL Server Unspecified Remote DoS (2012-0492) |
| 78392 | Oracle MySQL Server Unspecified Remote DoS (2012-0117) |
| 78391 | Oracle MySQL Server Unspecified Remote DoS (2012-0112) |
| 78390 | Oracle MySQL Server Unspecified Remote DoS (2012-0495) |
| 78389 | Oracle MySQL Server Unspecified Remote DoS (2012-0491) |
| 78388 | Oracle MySQL Server Unspecified Remote DoS (2012-0490) |
| 78387 | Oracle MySQL Server Unspecified Remote DoS (2012-0489) |
| 78386 | Oracle MySQL Server Unspecified Remote DoS (2012-0488) |
| 78385 | Oracle MySQL Server Unspecified Remote DoS (2012-0487) |
| 78384 | Oracle MySQL Server Unspecified Remote DoS (2012-0486) |
| 78383 | Oracle MySQL Server Unspecified Remote DoS (2012-0485) |
| 78382 | Oracle MySQL Server Unspecified Remote DoS (2012-0120) |
| 78381 | Oracle MySQL Server Unspecified Remote DoS (2012-0119) |
| 78380 | Oracle MySQL Server Unspecified Remote DoS (2012-0115) |
| 78379 | Oracle MySQL Server Unspecified Remote DoS (2012-0102) |
| 78378 | Oracle MySQL Server Unspecified Remote DoS (2012-0101) |
| 78377 | Oracle MySQL Server Unspecified Remote DoS (2012-0087) |
| 78376 | Oracle MySQL Server Unspecified Remote DoS (2011-2262) |
| 78375 | Oracle MySQL Server Unspecified Local DoS |
| 78374 | Oracle MySQL Server Unspecified Remote Issue (2012-0075) |
| 78373 | Oracle MySQL Server Unspecified Local Issue |
| 78372 | Oracle MySQL Server Unspecified Remote Information Disclosure |
| 78371 | Oracle MySQL Server Unspecified Remote Issue (2012-0496) |
| 78370 | Oracle MySQL Server Unspecified Remote Issue (2012-0118) |
OpenVAS Exploits
| id | Description |
|---|---|
| 2013-09-18 | Name : Debian Security Advisory DSA 2581-1 (mysql-5.1 - several vulnerabilities) File : nvt/deb_2581_1.nasl |
| 2012-12-26 | Name : Fedora Update for mysql FEDORA-2012-19823 File : nvt/gb_fedora_2012_19823_mysql_fc16.nasl |
| 2012-12-18 | Name : Fedora Update for mysql FEDORA-2012-19833 File : nvt/gb_fedora_2012_19833_mysql_fc17.nasl |
| 2012-12-13 | Name : SuSE Update for mysql openSUSE-SU-2012:0860-1 (mysql) File : nvt/gb_suse_2012_0860_1.nasl |
| 2012-12-11 | Name : Ubuntu Update for mysql-5.5 USN-1658-1 File : nvt/gb_ubuntu_USN_1658_1.nasl |
| 2012-12-10 | Name : CentOS Update for mysql CESA-2012:1551 centos6 File : nvt/gb_CESA-2012_1551_mysql_centos6.nasl |
| 2012-12-10 | Name : RedHat Update for mysql RHSA-2012:1551-01 File : nvt/gb_RHSA-2012_1551-01_mysql.nasl |
| 2012-12-10 | Name : Mandriva Update for mysql MDVSA-2012:178 (mysql) File : nvt/gb_mandriva_MDVSA_2012_178.nasl |
| 2012-12-07 | Name : MySQL Authentication Error Message User Enumeration Vulnerability File : nvt/gb_oracle_mysql_old_auth_user_enum_vuln.nasl |
| 2012-11-26 | Name : Oracle MySQL Server Multiple Vulnerabilities-01 Nov12 (Windows) File : nvt/gb_oracle_mysql_multiple_vuln01_nov12_win.nasl |
| 2012-11-26 | Name : Oracle MySQL Server Multiple Vulnerabilities-02 Nov12 (Windows) File : nvt/gb_oracle_mysql_multiple_vuln02_nov12_win.nasl |
| 2012-11-26 | Name : Oracle MySQL Server Multiple Vulnerabilities-03 Nov12 (Windows) File : nvt/gb_oracle_mysql_multiple_vuln03_nov12_win.nasl |
| 2012-11-26 | Name : Oracle MySQL Server Multiple Vulnerabilities-04 Nov12 (Windows) File : nvt/gb_oracle_mysql_multiple_vuln04_nov12_win.nasl |
| 2012-11-26 | Name : Oracle MySQL Server Multiple Vulnerability-05 Nov12 (Windows) File : nvt/gb_oracle_mysql_multiple_vuln05_nov12_win.nasl |
| 2012-11-15 | Name : CentOS Update for mysql CESA-2012:1462 centos6 File : nvt/gb_CESA-2012_1462_mysql_centos6.nasl |
| 2012-11-15 | Name : RedHat Update for mysql RHSA-2012:1462-01 File : nvt/gb_RHSA-2012_1462-01_mysql.nasl |
| 2012-11-06 | Name : Ubuntu Update for mysql-5.5 USN-1621-1 File : nvt/gb_ubuntu_USN_1621_1.nasl |
| 2012-08-30 | Name : Fedora Update for mysql FEDORA-2012-9308 File : nvt/gb_fedora_2012_9308_mysql_fc17.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2496-1 (mysql-5.1) File : nvt/deb_2496_1.nasl |
| 2012-07-30 | Name : CentOS Update for mysql CESA-2012:0105 centos6 File : nvt/gb_CESA-2012_0105_mysql_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for mysql CESA-2012:0127 centos5 File : nvt/gb_CESA-2012_0127_mysql_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for mysql CESA-2012:0874 centos6 File : nvt/gb_CESA-2012_0874_mysql_centos6.nasl |
| 2012-07-09 | Name : RedHat Update for mysql RHSA-2012:0105-01 File : nvt/gb_RHSA-2012_0105-01_mysql.nasl |
| 2012-06-28 | Name : Fedora Update for mysql FEDORA-2012-9324 File : nvt/gb_fedora_2012_9324_mysql_fc16.nasl |
| 2012-06-22 | Name : RedHat Update for mysql RHSA-2012:0874-04 File : nvt/gb_RHSA-2012_0874-04_mysql.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0155 | Multiple Vulnerabilities in Oracle MySQL Product Suite Severity: Category I - VMSKEY: V0061083 |
| 2014-A-0106 | Multiple Vulnerabilities in Oracle MySQL Product Suite Severity: Category I - VMSKEY: V0053189 |
| 2014-A-0057 | Multiple Vulnerabilities in Oracle MySQL Products Severity: Category I - VMSKEY: V0049591 |
| 2014-A-0011 | Multiple Vulnerabilities in Oracle MySQL Products Severity: Category I - VMSKEY: V0043399 |
| 2013-A-0201 | Multiple Vulnerabilities in Oracle MySQL Products Severity: Category I - VMSKEY: V0040782 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Date_Format denial of service attempt RuleID : 8057 - Type : SERVER-MYSQL - Revision : 11 |
| 2020-01-14 | MySQL/MariaDB Server geometry query envelope object integer overflow attempt RuleID : 52423 - Type : SERVER-MYSQL - Revision : 1 |
| 2020-01-07 | yaSSL SSL Hello Message buffer overflow attempt RuleID : 52366 - Type : SERVER-MYSQL - Revision : 1 |
| 2014-01-10 | create function buffer overflow attempt RuleID : 4649 - Type : SERVER-MYSQL - Revision : 7 |
| 2017-11-30 | MySQL/MariaDB Server geometry query integer overflow attempt RuleID : 44674 - Type : SERVER-MYSQL - Revision : 2 |
| 2017-08-23 | Oracle MyPluggable Auth denial of service attempt RuleID : 43671 - Type : SQL - Revision : 3 |
| 2016-10-25 | Multiple SQL products privilege escalation attempt RuleID : 40254 - Type : SERVER-MYSQL - Revision : 2 |
| 2016-10-25 | Multiple SQL products privilege escalation attempt RuleID : 40253 - Type : SERVER-MYSQL - Revision : 2 |
| 2014-01-10 | client overflow attempt RuleID : 3672 - Type : SERVER-MYSQL - Revision : 11 |
| 2014-01-10 | protocol 41 client overflow attempt RuleID : 3671 - Type : SERVER-MYSQL - Revision : 11 |
| 2014-01-10 | secure client overflow attempt RuleID : 3670 - Type : SERVER-MYSQL - Revision : 11 |
| 2014-01-10 | protocol 41 secure client overflow attempt RuleID : 3669 - Type : SERVER-MYSQL - Revision : 11 |
| 2014-01-10 | client authentication bypass attempt RuleID : 3668 - Type : SERVER-MYSQL - Revision : 13 |
| 2014-01-10 | protocol 41 client authentication bypass attempt RuleID : 3667 - Type : SERVER-MYSQL - Revision : 11 |
| 2014-01-10 | server greeting finished RuleID : 3666 - Type : SERVER-MYSQL - Revision : 12 |
| 2014-01-10 | server greeting RuleID : 3665 - Type : SERVER-MYSQL - Revision : 11 |
| 2016-03-14 | Hunter exploit kit landing page detected RuleID : 36543 - Type : EXPLOIT-KIT - Revision : 2 |
| 2014-01-10 | create function access attempt RuleID : 3528 - Type : SERVER-MYSQL - Revision : 12 |
| 2015-03-31 | MySQL/MariaDB Server geometry query object integer overflow attempt RuleID : 33637 - Type : SERVER-MYSQL - Revision : 4 |
| 2015-01-06 | Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt RuleID : 32651 - Type : SERVER-MYSQL - Revision : 3 |
| 2015-01-06 | Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt RuleID : 32650 - Type : SERVER-MYSQL - Revision : 3 |
| 2015-01-06 | Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt RuleID : 32649 - Type : SERVER-MYSQL - Revision : 3 |
| 2015-01-06 | Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt RuleID : 32648 - Type : SERVER-MYSQL - Revision : 3 |
| 2015-01-06 | Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt RuleID : 32647 - Type : SERVER-MYSQL - Revision : 3 |
| 2014-12-16 | Oracle MySQL Server XPath memory Corruption attempt RuleID : 32533 - Type : SERVER-MYSQL - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-18 | Name: The remote Fedora host is missing a security update. File: fedora_2019-a8ffcff7ee.nasl - Type: ACT_GATHER_INFO |
| 2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_6_43.nasl - Type: ACT_GATHER_INFO |
| 2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_7_25.nasl - Type: ACT_GATHER_INFO |
| 2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_8_0_14.nasl - Type: ACT_GATHER_INFO |
| 2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO |
| 2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_5_5_42.nasl - Type: ACT_GATHER_INFO |
| 2019-01-07 | Name: The remote EulerOS Virtualization host is missing a security update. File: EulerOS_SA-2019-1001.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-00e90783d2.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-242f6c1a41.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-2513b888a4.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-55b875c1ac.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-77e610115a.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-83bbd0c22f.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-b4820696e1.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-c82fc3e109.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-f67fda3db6.nasl - Type: ACT_GATHER_INFO |
| 2018-12-28 | Name: Node.js - JavaScript run-time environment is affected by multiple vulnerabili... File: nodejs_2018_nov.nasl - Type: ACT_GATHER_INFO |
| 2018-12-10 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_2a86f45afc3c11e8a41400155d006b02.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1114.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1115.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1116.nasl - Type: ACT_GATHER_INFO |
| 2018-12-01 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4348.nasl - Type: ACT_GATHER_INFO |
| 2018-11-27 | Name: The remote Fedora host is missing a security update. File: fedora_2018-192148f4ff.nasl - Type: ACT_GATHER_INFO |
| 2018-11-27 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4ae94c8deb.nasl - Type: ACT_GATHER_INFO |
| 2018-11-23 | Name: The remote Debian host is missing a security update. File: debian_DLA-1586.nasl - Type: ACT_GATHER_INFO |
