Executive Summary

This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.

Summary
Title: MySQL: Multiple vulnerabilities
Information
Name: GLSA-201308-06
First vendor Publication: 2013-08-29
Vendor: Gentoo
Last vendor Modification: 2013-08-29
Severity (Vendor): High
Revision: N/A

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score: 9
Cvss Impact Score: 10
Cvss Exploit Score: 8
Attack Range: Network
Attack Complexity: Low
Authentication: Requires single instance

Detail

Synopsis

Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service.

Background

MySQL is a fast, multi-threaded, multi-user SQL database server.

Description

Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the application or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All MySQL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.1.70"

References

[ 1 ] CVE-2011-2262 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2262
[ 2 ] CVE-2012-0075 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0075
[ 3 ] CVE-2012-0087 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0087
[ 4 ] CVE-2012-0101 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0101
[ 5 ] CVE-2012-0102 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0102
[ 6 ] CVE-2012-0112 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0112
[ 7 ] CVE-2012-0113 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0113
[ 8 ] CVE-2012-0114 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0114
[ 9 ] CVE-2012-0115 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0115
[ 10 ] CVE-2012-0116 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0116
[ 11 ] CVE-2012-0117 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0117
[ 12 ] CVE-2012-0118 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0118
[ 13 ] CVE-2012-0119 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0119
[ 14 ] CVE-2012-0120 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0120
[ 15 ] CVE-2012-0484 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0484
[ 16 ] CVE-2012-0485 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0485
[ 17 ] CVE-2012-0486 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0486
[ 18 ] CVE-2012-0487 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0487
[ 19 ] CVE-2012-0488 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0488
[ 20 ] CVE-2012-0489 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0489
[ 21 ] CVE-2012-0490 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0490
[ 22 ] CVE-2012-0491 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0491
[ 23 ] CVE-2012-0492 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0492
[ 24 ] CVE-2012-0493 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0493
[ 25 ] CVE-2012-0494 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0494
[ 26 ] CVE-2012-0495 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0495
[ 27 ] CVE-2012-0496 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0496
[ 28 ] CVE-2012-0540 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0540
[ 29 ] CVE-2012-0553 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0553
[ 30 ] CVE-2012-0572 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0572
[ 31 ] CVE-2012-0574 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0574
[ 32 ] CVE-2012-0578 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0578
[ 33 ] CVE-2012-0583 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0583
[ 34 ] CVE-2012-1492 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1492
[ 35 ] CVE-2012-1623 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1623
[ 36 ] CVE-2012-1688 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1688
[ 37 ] CVE-2012-1689 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1689
[ 38 ] CVE-2012-1690 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1690
[ 39 ] CVE-2012-1696 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1696
[ 40 ] CVE-2012-1697 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1697
[ 41 ] CVE-2012-1702 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1702
[ 42 ] CVE-2012-1703 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1703
[ 43 ] CVE-2012-1705 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1705
[ 44 ] CVE-2012-1734 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1734
[ 45 ] CVE-2012-2102 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2102
[ 46 ] CVE-2012-2122 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2122
[ 47 ] CVE-2012-2749 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2749
[ 48 ] CVE-2012-3150 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3150
[ 49 ] CVE-2012-3158 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3158
[ 50 ] CVE-2012-3160 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3160
[ 51 ] CVE-2012-3163 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3163
[ 52 ] CVE-2012-3166 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3166
[ 53 ] CVE-2012-3167 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3167
[ 54 ] CVE-2012-3173 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3173
[ 55 ] CVE-2012-3177 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3177
[ 56 ] CVE-2012-3180 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3180
[ 57 ] CVE-2012-3197 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3197
[ 58 ] CVE-2012-5060 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5060
[ 59 ] CVE-2012-5096 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5096
[ 60 ] CVE-2012-5611 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5611
[ 61 ] CVE-2012-5612 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5612
[ 62 ] CVE-2012-5613 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5613
[ 63 ] CVE-2012-5614 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5614
[ 64 ] CVE-2012-5615 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5615
[ 65 ] CVE-2012-5627 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5627
[ 66 ] CVE-2013-0367 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0367
[ 67 ] CVE-2013-0368 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0368
[ 68 ] CVE-2013-0371 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0371
[ 69 ] CVE-2013-0375 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0375
[ 70 ] CVE-2013-0383 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0383
[ 71 ] CVE-2013-0384 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0384
[ 72 ] CVE-2013-0385 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0385
[ 73 ] CVE-2013-0386 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0386
[ 74 ] CVE-2013-0389 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0389
[ 75 ] CVE-2013-1502 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1502
[ 76 ] CVE-2013-1506 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1506
[ 77 ] CVE-2013-1511 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1511
[ 78 ] CVE-2013-1512 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1512
[ 79 ] CVE-2013-1521 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1521
[ 80 ] CVE-2013-1523 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1523
[ 81 ] CVE-2013-1526 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1526
[ 82 ] CVE-2013-1531 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1531
[ 83 ] CVE-2013-1532 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1532
[ 84 ] CVE-2013-1544 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1544
[ 85 ] CVE-2013-1548 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1548
[ 86 ] CVE-2013-1552 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1552
[ 87 ] CVE-2013-1555 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1555
[ 88 ] CVE-2013-1566 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1566
[ 89 ] CVE-2013-1567 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1567
[ 90 ] CVE-2013-1570 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1570
[ 91 ] CVE-2013-2375 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2375
[ 92 ] CVE-2013-2376 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2376
[ 93 ] CVE-2013-2378 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2378
[ 94 ] CVE-2013-2381 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2381
[ 95 ] CVE-2013-2389 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2389
[ 96 ] CVE-2013-2391 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2391
[ 97 ] CVE-2013-2392 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2392
[ 98 ] CVE-2013-2395 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2395
[ 99 ] CVE-2013-3802 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3802
[ 100 ] CVE-2013-3804 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3804
[ 101 ] CVE-2013-3808 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3808

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201308-06.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201308-06.xml

CWE : Common Weakness Enumeration

%      id        Name
36 %   CWE-119   Failure to Constrain Operations within the Bounds of a Memory Buffer
7 %    CWE-399   Resource Management Errors
7 %    CWE-310   Cryptographic Issues
7 %    CWE-287   Improper Authentication
7 %    CWE-264   Permissions, Privileges, and Access Controls
7 %    CWE-255   Credentials Management
7 %    CWE-200   Information Exposure
7 %    CWE-89    Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)
7 %    CWE-20    Improper Input Validation
7 %    CWE-16    Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21317
 
Oval ID: oval:org.mitre.oval:def:21317
Title: RHSA-2012:0105: mysql security update (Important)
Description: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
Family: unix Class: patch
Reference(s): RHSA-2012:0105-01
CESA-2012:0105
CVE-2011-2262
CVE-2012-0075
CVE-2012-0087
CVE-2012-0101
CVE-2012-0102
CVE-2012-0112
CVE-2012-0113
CVE-2012-0114
CVE-2012-0115
CVE-2012-0116
CVE-2012-0118
CVE-2012-0119
CVE-2012-0120
CVE-2012-0484
CVE-2012-0485
CVE-2012-0490
CVE-2012-0492
CVE-2012-0583
Version: 237
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23683
 
Oval ID: oval:org.mitre.oval:def:23683
Title: ELSA-2012:0105: mysql security update (Important)
Description: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
Family: unix Class: patch
Reference(s): ELSA-2012:0105-01
CVE-2011-2262
CVE-2012-0075
CVE-2012-0087
CVE-2012-0101
CVE-2012-0102
CVE-2012-0112
CVE-2012-0113
CVE-2012-0114
CVE-2012-0115
CVE-2012-0116
CVE-2012-0118
CVE-2012-0119
CVE-2012-0120
CVE-2012-0484
CVE-2012-0485
CVE-2012-0490
CVE-2012-0492
CVE-2012-0583
Version: 77
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16267
 
Oval ID: oval:org.mitre.oval:def:16267
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location as well as read access to any arbitrary Operating System location
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0385
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20971
 
Oval ID: oval:org.mitre.oval:def:20971
Title: RHSA-2013:0772: mysql security update (Important)
Description: Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Family: unix Class: patch
Reference(s): RHSA-2013:0772-01
CESA-2013:0772
CVE-2012-5614
CVE-2013-1506
CVE-2013-1521
CVE-2013-1531
CVE-2013-1532
CVE-2013-1544
CVE-2013-1548
CVE-2013-1552
CVE-2013-1555
CVE-2013-2375
CVE-2013-2378
CVE-2013-2389
CVE-2013-2391
CVE-2013-2392
Version: 199
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18467
 
Oval ID: oval:org.mitre.oval:def:18467
Title: DSA-2667-1 mysql-5.5 - several
Description: Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.5.31, which includes additional changes, such as performance improvements and corrections for data loss defects.
Family: unix Class: patch
Reference(s): DSA-2667-1
CVE-2013-1502
CVE-2013-1511
CVE-2013-1532
CVE-2013-1544
CVE-2013-2375
CVE-2013-2376
CVE-2013-2389
CVE-2013-2391
CVE-2013-2392
Version: 8
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): mysql-5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18379
 
Oval ID: oval:org.mitre.oval:def:18379
Title: USN-1807-2 -- mysql-5.5 vulnerabilities
Description: Several security issues were fixed in MySQL.
Family: unix Class: patch
Reference(s): USN-1807-2
CVE-2012-0553
CVE-2013-1492
CVE-2013-1502
CVE-2013-1506
CVE-2013-1511
CVE-2013-1512
CVE-2013-1521
CVE-2013-1523
CVE-2013-1526
CVE-2013-1532
CVE-2013-1544
CVE-2013-1552
CVE-2013-1555
CVE-2013-1623
CVE-2013-2375
CVE-2013-2376
CVE-2013-2378
CVE-2013-2389
CVE-2013-2391
CVE-2013-2392
Version: 7
Platform(s): Ubuntu 13.04
Product(s): mysql-5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17129
 
Oval ID: oval:org.mitre.oval:def:17129
Title: USN-1807-1 -- MySQL vulnerabilities
Description: Multiple security issues were discovered in MySQL.
Family: unix Class: patch
Reference(s): usn-1807-1
CVE-2012-0553
CVE-2013-1492
CVE-2013-1502
CVE-2013-1506
CVE-2013-1511
CVE-2013-1512
CVE-2013-1521
CVE-2013-1523
CVE-2013-1526
CVE-2013-1532
CVE-2013-1544
CVE-2013-1552
CVE-2013-1555
CVE-2013-1623
CVE-2013-2375
CVE-2013-2376
CVE-2013-2378
CVE-2013-2389
CVE-2013-2391
CVE-2013-2392
Version: 7
Platform(s): Ubuntu 11.10
Ubuntu 12.04
Ubuntu 10.04
Ubuntu 12.10
Product(s): mysql-5.1
mysql-5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16451
 
Oval ID: oval:org.mitre.oval:def:16451
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0371
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21528
 
Oval ID: oval:org.mitre.oval:def:21528
Title: RHSA-2012:1551: mysql security update (Important)
Description: Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Family: unix Class: patch
Reference(s): RHSA-2012:1551-01
CESA-2012:1551
CVE-2012-5611
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21022
 
Oval ID: oval:org.mitre.oval:def:21022
Title: RHSA-2013:0180: mysql security update (Important)
Description: Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Family: unix Class: patch
Reference(s): RHSA-2013:0180-00
CESA-2013:0180
CVE-2012-2749
CVE-2012-5611
Version: 31
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18423
 
Oval ID: oval:org.mitre.oval:def:18423
Title: DSA-2581-1 mysql-5.1 - several
Description: Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects. These changes are described in the MySQL release notes (http://dev.mysql.com/doc/refman/5.1/en/news-5-1-66.html).
Family: unix Class: patch
Reference(s): DSA-2581-1
CVE-2012-3150
CVE-2012-3158
CVE-2012-3160
CVE-2012-3163
CVE-2012-3166
CVE-2012-3167
CVE-2012-3173
CVE-2012-3177
CVE-2012-3180
CVE-2012-3197
CVE-2012-5611
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): mysql-5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17289
 
Oval ID: oval:org.mitre.oval:def:17289
Title: USN-1658-1 -- mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerability
Description: MySQL could be made to run programs if it received specially crafted network traffic from an authenticated user.
Family: unix Class: patch
Reference(s): USN-1658-1
CVE-2012-5611
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Product(s): mysql-5.5
mysql-5.1
mysql-dfsg-5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16395
 
Oval ID: oval:org.mitre.oval:def:16395
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution
Description: Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5611
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23921
 
Oval ID: oval:org.mitre.oval:def:23921
Title: ELSA-2012:1551: mysql security update (Important)
Description: Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Family: unix Class: patch
Reference(s): ELSA-2012:1551-01
CVE-2012-5611
Version: 6
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23326
 
Oval ID: oval:org.mitre.oval:def:23326
Title: ELSA-2013:0180: mysql security update (Important)
Description: Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
Family: unix Class: patch
Reference(s): ELSA-2013:0180-00
CVE-2012-2749
CVE-2012-5611
Version: 13
Platform(s): Oracle Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27670
 
Oval ID: oval:org.mitre.oval:def:27670
Title: DEPRECATED: ELSA-2013-0180 -- mysql security update (important)
Description: [5.0.95-5] - Rebuild to fix wrong package tag Related: #892679 [5.0.95-4] - Add patches for CVE-2012-2122, CVE-2012-2749, CVE-2012-5611 Resolves: #892679
Family: unix Class: patch
Reference(s): ELSA-2013-0180
CVE-2012-2749
CVE-2012-5611
Version: 4
Platform(s): Oracle Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26706
 
Oval ID: oval:org.mitre.oval:def:26706
Title: DEPRECATED: ELSA-2012-1551 -- mysql security update (important)
Description: [5.1.66-2] - Add backported patch for CVE-2012-5611 Resolves: CVE-2012-5611
Family: unix Class: patch
Reference(s): ELSA-2012-1551
CVE-2012-5611
Version: 4
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16835
 
Oval ID: oval:org.mitre.oval:def:16835
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS)
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0386
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17266
 
Oval ID: oval:org.mitre.oval:def:17266
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0574
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16877
 
Oval ID: oval:org.mitre.oval:def:16877
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.5.28 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5096
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14934
 
Oval ID: oval:org.mitre.oval:def:14934
Title: USN-1397-1 -- MySQL vulnerabilities
Description: mysql-5.1: MySQL database - mysql-dfsg-5.1: MySQL database - mysql-dfsg-5.0: MySQL database Several security issues were fixed in MySQL.
Family: unix Class: patch
Reference(s): USN-1397-1
CVE-2007-5925
CVE-2008-3963
CVE-2008-4098
CVE-2008-4456
CVE-2008-7247
CVE-2009-2446
CVE-2009-4019
CVE-2009-4030
CVE-2009-4484
CVE-2010-1621
CVE-2010-1626
CVE-2010-1848
CVE-2010-1849
CVE-2010-1850
CVE-2010-2008
CVE-2010-3677
CVE-2010-3678
CVE-2010-3679
CVE-2010-3680
CVE-2010-3681
CVE-2010-3682
CVE-2010-3683
CVE-2010-3833
CVE-2010-3834
CVE-2010-3835
CVE-2010-3836
CVE-2010-3837
CVE-2010-3838
CVE-2010-3839
CVE-2010-3840
CVE-2011-2262
CVE-2012-0075
CVE-2012-0087
CVE-2012-0101
CVE-2012-0102
CVE-2012-0112
CVE-2012-0113
CVE-2012-0114
CVE-2012-0115
CVE-2012-0116
CVE-2012-0117
CVE-2012-0118
CVE-2012-0119
CVE-2012-0120
CVE-2012-0484
CVE-2012-0485
CVE-2012-0486
CVE-2012-0487
CVE-2012-0488
CVE-2012-0489
CVE-2012-0490
CVE-2012-0491
CVE-2012-0492
CVE-2012-0493
CVE-2012-0494
CVE-2012-0495
CVE-2012-0496
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 8.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): MySQL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21643
 
Oval ID: oval:org.mitre.oval:def:21643
Title: RHSA-2012:1462: mysql security update (Important)
Description: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
Family: unix Class: patch
Reference(s): RHSA-2012:1462-01
CESA-2012:1462
CVE-2012-0540
CVE-2012-1688
CVE-2012-1689
CVE-2012-1690
CVE-2012-1703
CVE-2012-1734
CVE-2012-2749
CVE-2012-3150
CVE-2012-3158
CVE-2012-3160
CVE-2012-3163
CVE-2012-3166
CVE-2012-3167
CVE-2012-3173
CVE-2012-3177
CVE-2012-3180
CVE-2012-3197
Version: 211
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17999
 
Oval ID: oval:org.mitre.oval:def:17999
Title: USN-1621-1 -- mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities
Description: Several security issues were fixed in MySQL.
Family: unix Class: patch
Reference(s): USN-1621-1
CVE-2012-3144
CVE-2012-3147
CVE-2012-3149
CVE-2012-3150
CVE-2012-3156
CVE-2012-3158
CVE-2012-3160
CVE-2012-3163
CVE-2012-3166
CVE-2012-3167
CVE-2012-3173
CVE-2012-3177
CVE-2012-3180
CVE-2012-3197
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Product(s): mysql-5.5
mysql-5.1
mysql-dfsg-5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23931
 
Oval ID: oval:org.mitre.oval:def:23931
Title: ELSA-2012:1462: mysql security update (Important)
Description: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
Family: unix Class: patch
Reference(s): ELSA-2012:1462-01
CVE-2012-0540
CVE-2012-1688
CVE-2012-1689
CVE-2012-1690
CVE-2012-1703
CVE-2012-1734
CVE-2012-2749
CVE-2012-3150
CVE-2012-3158
CVE-2012-3160
CVE-2012-3163
CVE-2012-3166
CVE-2012-3167
CVE-2012-3173
CVE-2012-3177
CVE-2012-3180
CVE-2012-3197
Version: 69
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27464
 
Oval ID: oval:org.mitre.oval:def:27464
Title: DEPRECATED: ELSA-2012-1462 -- mysql security update (important)
Description: [5.1.66-1] - Update to 5.1.66, for assorted upstream bugfixes including CVEs announced in July and October 2012 Resolves: #871813
Family: unix Class: patch
Reference(s): ELSA-2012-1462
CVE-2012-0540
CVE-2012-1688
CVE-2012-1689
CVE-2012-1690
CVE-2012-1703
CVE-2012-1734
CVE-2012-2749
CVE-2012-3150
CVE-2012-3158
CVE-2012-3160
CVE-2012-3163
CVE-2012-3166
CVE-2012-3167
CVE-2012-3173
CVE-2012-3177
CVE-2012-3180
CVE-2012-3197
Version: 4
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17268
 
Oval ID: oval:org.mitre.oval:def:17268
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1705
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23852
 
Oval ID: oval:org.mitre.oval:def:23852
Title: ELSA-2013:0772: mysql security update (Important)
Description: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
Family: unix Class: patch
Reference(s): ELSA-2013:0772-01
CVE-2012-5614
CVE-2013-1506
CVE-2013-1521
CVE-2013-1531
CVE-2013-1532
CVE-2013-1544
CVE-2013-1548
CVE-2013-1552
CVE-2013-1555
CVE-2013-2375
CVE-2013-2378
CVE-2013-2389
CVE-2013-2391
CVE-2013-2392
CVE-2013-3808
Version: 65
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16758
 
Oval ID: oval:org.mitre.oval:def:16758
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Locking). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0383
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17255
 
Oval ID: oval:org.mitre.oval:def:17255
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0368
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21000
 
Oval ID: oval:org.mitre.oval:def:21000
Title: RHSA-2013:0219: mysql security update (Moderate)
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Family: unix Class: patch
Reference(s): RHSA-2013:0219-02
CESA-2013:0219
CVE-2012-0572
CVE-2012-0574
CVE-2012-1702
CVE-2012-1705
CVE-2013-0375
CVE-2013-0383
CVE-2013-0384
CVE-2013-0385
CVE-2013-0389
Version: 129
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18161
 
Oval ID: oval:org.mitre.oval:def:18161
Title: USN-1703-1 -- mysql-5.1, mysql-5.5, mysql-dfsg-5.1 vulnerabilities
Description: Several security issues were fixed in MySQL.
Family: unix Class: patch
Reference(s): USN-1703-1
CVE-2012-0572
CVE-2012-0574
CVE-2012-0578
CVE-2012-1702
CVE-2012-1705
CVE-2012-5060
CVE-2012-5096
CVE-2012-5611
CVE-2012-5612
CVE-2013-0367
CVE-2013-0368
CVE-2013-0371
CVE-2013-0375
CVE-2013-0383
CVE-2013-0384
CVE-2013-0385
CVE-2013-0386
CVE-2013-0389
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Product(s): mysql-5.5
mysql-5.1
mysql-dfsg-5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16825
 
Oval ID: oval:org.mitre.oval:def:16825
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS)
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0389
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23738
 
Oval ID: oval:org.mitre.oval:def:23738
Title: ELSA-2013:0219: mysql security update (Moderate)
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Family: unix Class: patch
Reference(s): ELSA-2013:0219-02
CVE-2012-0572
CVE-2012-0574
CVE-2012-1702
CVE-2012-1705
CVE-2013-0375
CVE-2013-0383
CVE-2013-0384
CVE-2013-0385
CVE-2013-0389
Version: 41
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27382
 
Oval ID: oval:org.mitre.oval:def:27382
Title: DEPRECATED: ELSA-2013-0219 -- mysql security update (moderate)
Description: [5.1.67-1] - Update to 5.1.67, for assorted upstream bugfixes including CVEs announced in January 2013 Resolves: #901380
Family: unix Class: patch
Reference(s): ELSA-2013-0219
CVE-2012-0572
CVE-2012-0574
CVE-2012-1702
CVE-2012-1705
CVE-2013-0375
CVE-2013-0383
CVE-2013-0384
CVE-2013-0385
CVE-2013-0389
Version: 4
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17175
 
Oval ID: oval:org.mitre.oval:def:17175
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.1.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all MySQL Server accessible data as well as read access to all MySQL Server accessible data
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0375
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17186
 
Oval ID: oval:org.mitre.oval:def:17186
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1702
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17077
 
Oval ID: oval:org.mitre.oval:def:17077
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Partition). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0367
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15023
 
Oval ID: oval:org.mitre.oval:def:15023
Title: DSA-2429-1 mysql-5.1 -- several
Description: Several security vulnerabilities were discovered in MySQL, a database management system. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.61, which includes additional changes, such as performance improvements and corrections for data loss defects
Family: unix Class: patch
Reference(s): DSA-2429-1
CVE-2011-2262
CVE-2012-0075
CVE-2012-0087
CVE-2012-0101
CVE-2012-0102
CVE-2012-0112
CVE-2012-0113
CVE-2012-0114
CVE-2012-0115
CVE-2012-0116
CVE-2012-0118
CVE-2012-0119
CVE-2012-0120
CVE-2012-0484
CVE-2012-0485
CVE-2012-0490
CVE-2012-0492
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): mysql-5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27833
 
Oval ID: oval:org.mitre.oval:def:27833
Title: DEPRECATED: ELSA-2012-0105 -- mysql security update (important)
Description: [5.1.61-1.el6_2.1] - Update to 5.1.61, for assorted upstream bugfixes including numerous CVEs announced in January 2012 Resolves: #787191
Family: unix Class: patch
Reference(s): ELSA-2012-0105
CVE-2011-2262
CVE-2012-0075
CVE-2012-0087
CVE-2012-0101
CVE-2012-0102
CVE-2012-0112
CVE-2012-0113
CVE-2012-0114
CVE-2012-0115
CVE-2012-0116
CVE-2012-0118
CVE-2012-0119
CVE-2012-0120
CVE-2012-0484
CVE-2012-0485
CVE-2012-0490
CVE-2012-0492
Version: 4
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16792
 
Oval ID: oval:org.mitre.oval:def:16792
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0572
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19860
 
Oval ID: oval:org.mitre.oval:def:19860
Title: DSA-2496-1 mysql-5.1 - several
Description: Due to the non-disclosure of security patch information from Oracle, we are forced to ship an upstream version update of MySQL 5.1. There are several known incompatible changes, which are listed in /usr/share/doc/mysql-server/NEWS.Debian.gz.
Family: unix Class: patch
Reference(s): DSA-2496-1
CVE-2012-0540
CVE-2012-0583
CVE-2012-1688
CVE-2012-1689
CVE-2012-1690
CVE-2012-1703
CVE-2012-1734
CVE-2012-2102
CVE-2012-2122
CVE-2012-2749
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): mysql-5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16947
 
Oval ID: oval:org.mitre.oval:def:16947
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0578
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27608
 
Oval ID: oval:org.mitre.oval:def:27608
Title: DEPRECATED: ELSA-2013-0772 -- mysql security update (important)
Description: [5.1.69-1] - Update to 5.1.69, for assorted upstream bugfixes including CVEs announced in April 2013 Resolves: #953084
Family: unix Class: patch
Reference(s): ELSA-2013-0772
CVE-2012-5614
CVE-2013-1521
CVE-2013-1531
CVE-2013-1555
CVE-2013-2391
CVE-2013-2392
CVE-2013-1532
CVE-2013-1544
CVE-2013-1548
CVE-2013-1552
CVE-2013-2375
CVE-2013-1506
CVE-2013-2378
CVE-2013-2389
Version: 4
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20957
 
Oval ID: oval:org.mitre.oval:def:20957
Title: RHSA-2012:0127: mysql security update (Moderate)
Description: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2012:0127-01
CESA-2012:0127
CVE-2010-1849
CVE-2012-0075
CVE-2012-0087
CVE-2012-0101
CVE-2012-0102
CVE-2012-0114
CVE-2012-0484
CVE-2012-0490
Version: 107
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23295
 
Oval ID: oval:org.mitre.oval:def:23295
Title: ELSA-2012:0127: mysql security update (Moderate)
Description: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2012:0127-01
CVE-2010-1849
CVE-2012-0075
CVE-2012-0087
CVE-2012-0101
CVE-2012-0102
CVE-2012-0114
CVE-2012-0484
CVE-2012-0490
Version: 37
Platform(s): Oracle Linux 5
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21489
 
Oval ID: oval:org.mitre.oval:def:21489
Title: RHSA-2012:0874: mysql security and enhancement update (Low)
Description: MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
Family: unix Class: patch
Reference(s): RHSA-2012:0874-04
CESA-2012:0874
CVE-2012-2102
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23903
 
Oval ID: oval:org.mitre.oval:def:23903
Title: ELSA-2012:0874: mysql security and enhancement update (Low)
Description: MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
Family: unix Class: patch
Reference(s): ELSA-2012:0874-04
CVE-2012-2102
Version: 6
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27779
 
Oval ID: oval:org.mitre.oval:def:27779
Title: DEPRECATED: ELSA-2012-0874 -- mysql security and enhancement update (low)
Description: [5.1.61-4] - Add backported patch for CVE-2012-2102 Resolves: #812435 [5.1.61-3] - Enable innodb plugin, but only on x86 and x86_64 architectures Resolves: #740224
Family: unix Class: patch
Reference(s): ELSA-2012-0874
CVE-2012-2102
Version: 4
Platform(s): Oracle Linux 6
Product(s): mysql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17885
 
Oval ID: oval:org.mitre.oval:def:17885
Title: USN-1467-1 -- mysql-5.1, mysql-5.5, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities
Description: Several security issues were fixed in MySQL.
Family: unix Class: patch
Reference(s): USN-1467-1
CVE-2012-2122
Version: 7
Platform(s): Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04
Ubuntu 8.04
Product(s): mysql-5.5
mysql-5.1
mysql-dfsg-5.1
mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16960
 
Oval ID: oval:org.mitre.oval:def:16960
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Parser). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution
Description: Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5612
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25951
 
Oval ID: oval:org.mitre.oval:def:25951
Title: SUSE-SU-2013:0262-1 -- Security update for MySQL
Description: A stack-based buffer overflow in MySQL has been fixed that could have caused a Denial of Service or potentially allowed the execution of arbitrary code (CVE-2012-5611).
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0262-1
CVE-2012-5611
CVE-2012-5615
CVE-2012-5613
CVE-2012-5612
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): MySQL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16632
 
Oval ID: oval:org.mitre.oval:def:16632
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Information Schema). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS)
Description: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0384
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): MySQL Server 5.1
MySQL Server 5.5
Definition Synopsis:

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 16
Application | | 1
Application | | 48
Application | | 330
Application | | 22
Application | | 1
Application | | 99
Application | | 1
Application | | 40
Os | | 4
Os | | 2
Os | | 1
Os | | 1
Os | | 1
Os | | 1
Os | | 1
Os | | 1
Os | | 1

SAINT Exploits

Description | Link
MySQL FILE privilege elevation | More info here

OpenVAS Exploits

Date | Description
2013-09-18 | Name : Debian Security Advisory DSA 2581-1 (mysql-5.1 - several vulnerabilities)
File : nvt/deb_2581_1.nasl
2012-12-26 | Name : Fedora Update for mysql FEDORA-2012-19823
File : nvt/gb_fedora_2012_19823_mysql_fc16.nasl
2012-12-18 | Name : Fedora Update for mysql FEDORA-2012-19833
File : nvt/gb_fedora_2012_19833_mysql_fc17.nasl
2012-12-13 | Name : SuSE Update for mysql openSUSE-SU-2012:0860-1 (mysql)
File : nvt/gb_suse_2012_0860_1.nasl
2012-12-11 | Name : Ubuntu Update for mysql-5.5 USN-1658-1
File : nvt/gb_ubuntu_USN_1658_1.nasl
2012-12-10 | Name : RedHat Update for mysql RHSA-2012:1551-01
File : nvt/gb_RHSA-2012_1551-01_mysql.nasl
2012-12-10 | Name : Mandriva Update for mysql MDVSA-2012:178 (mysql)
File : nvt/gb_mandriva_MDVSA_2012_178.nasl
2012-12-10 | Name : CentOS Update for mysql CESA-2012:1551 centos6
File : nvt/gb_CESA-2012_1551_mysql_centos6.nasl
2012-12-07 | Name : MySQL Authentication Error Message User Enumeration Vulnerability
File : nvt/gb_oracle_mysql_old_auth_user_enum_vuln.nasl
2012-11-26 | Name : Oracle MySQL Server Multiple Vulnerabilities-01 Nov12 (Windows)
File : nvt/gb_oracle_mysql_multiple_vuln01_nov12_win.nasl
2012-11-26 | Name : Oracle MySQL Server Multiple Vulnerabilities-02 Nov12 (Windows)
File : nvt/gb_oracle_mysql_multiple_vuln02_nov12_win.nasl
2012-11-26 | Name : Oracle MySQL Server Multiple Vulnerabilities-03 Nov12 (Windows)
File : nvt/gb_oracle_mysql_multiple_vuln03_nov12_win.nasl
2012-11-15 | Name : RedHat Update for mysql RHSA-2012:1462-01
File : nvt/gb_RHSA-2012_1462-01_mysql.nasl
2012-11-15 | Name : CentOS Update for mysql CESA-2012:1462 centos6
File : nvt/gb_CESA-2012_1462_mysql_centos6.nasl
2012-11-06 | Name : Ubuntu Update for mysql-5.5 USN-1621-1
File : nvt/gb_ubuntu_USN_1621_1.nasl
2012-08-30 | Name : Fedora Update for mysql FEDORA-2012-9308
File : nvt/gb_fedora_2012_9308_mysql_fc17.nasl
2012-08-10 | Name : Debian Security Advisory DSA 2496-1 (mysql-5.1)
File : nvt/deb_2496_1.nasl
2012-07-30 | Name : CentOS Update for mysql CESA-2012:0874 centos6
File : nvt/gb_CESA-2012_0874_mysql_centos6.nasl
2012-07-30 | Name : CentOS Update for mysql CESA-2012:0105 centos6
File : nvt/gb_CESA-2012_0105_mysql_centos6.nasl
2012-07-30 | Name : CentOS Update for mysql CESA-2012:0127 centos5
File : nvt/gb_CESA-2012_0127_mysql_centos5.nasl
2012-07-09 | Name : RedHat Update for mysql RHSA-2012:0105-01
File : nvt/gb_RHSA-2012_0105-01_mysql.nasl
2012-06-28 | Name : Fedora Update for mysql FEDORA-2012-9324
File : nvt/gb_fedora_2012_9324_mysql_fc16.nasl
2012-06-22 | Name : RedHat Update for mysql RHSA-2012:0874-04
File : nvt/gb_RHSA-2012_0874-04_mysql.nasl
2012-06-15 | Name : Ubuntu Update for mysql-5.5 USN-1467-1
File : nvt/gb_ubuntu_USN_1467_1.nasl
2012-06-11 | Name : MySQL Authentication Bypass
File : nvt/mysql_auth_bypas_cve_2012_2122.nasl
2012-04-30 | Name : Debian Security Advisory DSA 2429-1 (mysql-5.1)
File : nvt/deb_2429_1.nasl
2012-04-02 | Name : Fedora Update for mysql FEDORA-2012-0972
File : nvt/gb_fedora_2012_0972_mysql_fc16.nasl
2012-03-16 | Name : Ubuntu Update for mysql-5.1 USN-1397-1
File : nvt/gb_ubuntu_USN_1397_1.nasl
2012-02-21 | Name : RedHat Update for mysql RHSA-2012:0127-01
File : nvt/gb_RHSA-2012_0127-01_mysql.nasl
2012-02-13 | Name : Fedora Update for mysql FEDORA-2012-0987
File : nvt/gb_fedora_2012_0987_mysql_fc15.nasl

Open Source Vulnerability Database (OSVDB)

id | Description
78394 | Oracle MySQL Server Unspecified Remote DoS (2012-0493)
78393 | Oracle MySQL Server Unspecified Remote DoS (2012-0492)
78392 | Oracle MySQL Server Unspecified Remote DoS (2012-0117)
78391 | Oracle MySQL Server Unspecified Remote DoS (2012-0112)
78390 | Oracle MySQL Server Unspecified Remote DoS (2012-0495)
78389 | Oracle MySQL Server Unspecified Remote DoS (2012-0491)
78388 | Oracle MySQL Server Unspecified Remote DoS (2012-0490)
78387 | Oracle MySQL Server Unspecified Remote DoS (2012-0489)
78386 | Oracle MySQL Server Unspecified Remote DoS (2012-0488)
78385 | Oracle MySQL Server Unspecified Remote DoS (2012-0487)
78384 | Oracle MySQL Server Unspecified Remote DoS (2012-0486)
78383 | Oracle MySQL Server Unspecified Remote DoS (2012-0485)
78382 | Oracle MySQL Server Unspecified Remote DoS (2012-0120)
78381 | Oracle MySQL Server Unspecified Remote DoS (2012-0119)
78380 | Oracle MySQL Server Unspecified Remote DoS (2012-0115)
78379 | Oracle MySQL Server Unspecified Remote DoS (2012-0102)
78378 | Oracle MySQL Server Unspecified Remote DoS (2012-0101)
78377 | Oracle MySQL Server Unspecified Remote DoS (2012-0087)
78376 | Oracle MySQL Server Unspecified Remote DoS (2011-2262)
78375 | Oracle MySQL Server Unspecified Local DoS
78374 | Oracle MySQL Server Unspecified Remote Issue (2012-0075)
78373 | Oracle MySQL Server Unspecified Local Issue
78372 | Oracle MySQL Server Unspecified Remote Information Disclosure
78371 | Oracle MySQL Server Unspecified Remote Issue (2012-0496)
78370 | Oracle MySQL Server Unspecified Remote Issue (2012-0118)
78369 | Oracle MySQL Server Unspecified Remote Issue (2012-0116)
78368 | Oracle MySQL Server Unspecified Remote Issue (2012-0113)

Snort® IPS/IDS

Date | Description
2015-01-06 | Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt
RuleID : 32651 - Revision : 2 - Type : SERVER-MYSQL
2015-01-06 | Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt
RuleID : 32650 - Revision : 2 - Type : SERVER-MYSQL
2015-01-06 | Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt
RuleID : 32649 - Revision : 2 - Type : SERVER-MYSQL
2015-01-06 | Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt
RuleID : 32648 - Revision : 2 - Type : SERVER-MYSQL
2015-01-06 | Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt
RuleID : 32647 - Revision : 2 - Type : SERVER-MYSQL
2014-01-10 | Oracle MySQL MDL free corrupted pointer heap overflow attempt
RuleID : 24910 - Revision : 3 - Type : SERVER-MYSQL
2014-01-10 | Oracle MySQL select UpdateXML nested xml elements denial of service attempt
RuleID : 24909 - Revision : 2 - Type : SERVER-MYSQL
2014-01-10 | Oracle MySQL user enumeration attempt
RuleID : 24908 - Revision : 6 - Type : SERVER-MYSQL
2014-01-10 | Oracle MySQL grant file long database name stack overflow attempt
RuleID : 24897 - Revision : 4 - Type : SERVER-MYSQL
2014-01-10 | MySQL/MariaDB client authentication bypass attempt
RuleID : 23115 - Revision : 7 - Type : SERVER-MYSQL

Nessus® Vulnerability Scanner

DateDescription
2015-05-20Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0743-1.nasl - Type : ACT_GATHER_INFO
2015-03-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-091.nasl - Type : ACT_GATHER_INFO
2015-03-30Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysql55client18-150302.nasl - Type : ACT_GATHER_INFO
2014-12-22Name : The remote device is affected by multiple vulnerabilities.
File : juniper_space_jsa10601.nasl - Type : ACT_GATHER_INFO
2014-12-22Name : The remote device is affected by multiple vulnerabilities.
File : juniper_space_jsa10627.nasl - Type : ACT_GATHER_INFO
2014-12-03Name : The remote Fedora host is missing a security update.
File : fedora_2014-14791.nasl - Type : ACT_GATHER_INFO
2014-11-21Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1859.nasl - Type : ACT_GATHER_INFO
2014-11-21Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1861.nasl - Type : ACT_GATHER_INFO
2014-11-18Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1859.nasl - Type : ACT_GATHER_INFO
2014-11-18Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1861.nasl - Type : ACT_GATHER_INFO
2014-11-18Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1859.nasl - Type : ACT_GATHER_INFO
2014-11-18Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1861.nasl - Type : ACT_GATHER_INFO
2014-10-21Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3054.nasl - Type : ACT_GATHER_INFO
2014-10-16Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2384-1.nasl - Type : ACT_GATHER_INFO
2014-10-10Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL14410.nasl - Type : ACT_GATHER_INFO
2014-10-10Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL14907.nasl - Type : ACT_GATHER_INFO
2014-09-12Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_39.nasl - Type : ACT_GATHER_INFO
2014-09-12Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_6_20.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-4.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-5.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-6.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-273.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-274.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-276.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-332.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-378.nasl - Type : ACT_GATHER_INFO
2014-02-06Name : The remote database server is affected by multiple vulnerabilities.
File : mariadb_5_5_32.nasl - Type : ACT_GATHER_INFO
2013-12-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2818.nasl - Type : ACT_GATHER_INFO
2013-11-27 Name : The remote database server may be affected by a security bypass vulnerability.
File : mysql_com_change_user_bruteforce_weakness.nasl - Type : ACT_GATHER_INFO
2013-10-08 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysql55client18-130926.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-141.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-144.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-145.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-44.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-92.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-93.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-152.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-186.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-187.nasl - Type : ACT_GATHER_INFO
2013-08-30 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysql55client18-130815.nasl - Type : ACT_GATHER_INFO
2013-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201308-06.nasl - Type : ACT_GATHER_INFO
2013-07-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1909-1.nasl - Type : ACT_GATHER_INFO
2013-07-17 Name : The remote database server may be affected by multiple vulnerabilities.
File : mysql_5_1_70.nasl - Type : ACT_GATHER_INFO
2013-07-17 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_32.nasl - Type : ACT_GATHER_INFO
2013-07-17 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_6_12.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0219.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0874.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0772.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1462.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1551.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0105.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0127.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0180.nasl - Type : ACT_GATHER_INFO
2013-05-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2667.nasl - Type : ACT_GATHER_INFO
2013-04-30 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0772.nasl - Type : ACT_GATHER_INFO
2013-04-26 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130425_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-04-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0772.nasl - Type : ACT_GATHER_INFO
2013-04-26 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1807-2.nasl - Type : ACT_GATHER_INFO
2013-04-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1807-1.nasl - Type : ACT_GATHER_INFO
2013-04-22 Name : The remote database server may be affected by multiple vulnerabilities.
File : mysql_5_1_69.nasl - Type : ACT_GATHER_INFO
2013-04-22 Name : The remote database server may be affected by multiple vulnerabilities.
File : mysql_5_5_31.nasl - Type : ACT_GATHER_INFO
2013-04-22 Name : The remote database server may be affected by multiple vulnerabilities.
File : mysql_5_6_11.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-102.nasl - Type : ACT_GATHER_INFO
2013-03-29 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_68.nasl - Type : ACT_GATHER_INFO
2013-03-29 Name : The remote database server is affected by a buffer overflow vulnerability.
File : mysql_5_5_30.nasl - Type : ACT_GATHER_INFO
2013-03-29 Name : The remote database server is affected by multiple vulnerabilities.
File : mariadb_5_5_28.nasl - Type : ACT_GATHER_INFO
2013-03-29 Name : The remote database server is affected by multiple vulnerabilities.
File : mariadb_5_5_30.nasl - Type : ACT_GATHER_INFO
2013-02-28 Name : The remote database server is affected by multiple vulnerabilities.
File : mariadb_5_1_67.nasl - Type : ACT_GATHER_INFO
2013-02-28 Name : The remote database server is affected by multiple vulnerabilities.
File : mariadb_5_2_14.nasl - Type : ACT_GATHER_INFO
2013-02-28 Name : The remote database server is affected by multiple vulnerabilities.
File : mariadb_5_3_12.nasl - Type : ACT_GATHER_INFO
2013-02-28 Name : The remote database server is affected by multiple vulnerabilities.
File : mariadb_5_5_29.nasl - Type : ACT_GATHER_INFO
2013-02-10 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysqlclient-devel-121227.nasl - Type : ACT_GATHER_INFO
2013-02-09 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-007.nasl - Type : ACT_GATHER_INFO
2013-02-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130131_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-02-04 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_8c773d7f6cbb11e2b242c8600054b392.nasl - Type : ACT_GATHER_INFO
2013-02-01 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0219.nasl - Type : ACT_GATHER_INFO
2013-02-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0219.nasl - Type : ACT_GATHER_INFO
2013-01-28 Name : The remote database server has an information disclosure vulnerability.
File : mysql_user_enumeration.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysqlclient-devel-120731.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0180.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130122_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-01-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0180.nasl - Type : ACT_GATHER_INFO
2013-01-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1703-1.nasl - Type : ACT_GATHER_INFO
2013-01-18 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_67.nasl - Type : ACT_GATHER_INFO
2013-01-18 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_29.nasl - Type : ACT_GATHER_INFO
2013-01-14 Name : The remote Fedora host is missing a security update.
File : fedora_2012-19868.nasl - Type : ACT_GATHER_INFO
2012-12-24 Name : The remote Fedora host is missing a security update.
File : fedora_2012-19823.nasl - Type : ACT_GATHER_INFO
2012-12-17 Name : The remote Fedora host is missing a security update.
File : fedora_2012-19833.nasl - Type : ACT_GATHER_INFO
2012-12-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1658-1.nasl - Type : ACT_GATHER_INFO
2012-12-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1551.nasl - Type : ACT_GATHER_INFO
2012-12-10 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-178.nasl - Type : ACT_GATHER_INFO
2012-12-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1551.nasl - Type : ACT_GATHER_INFO
2012-12-08 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20121207_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-12-05 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2581.nasl - Type : ACT_GATHER_INFO
2012-12-04 Name : The remote database server is affected by a buffer overflow vulnerability.
File : mariadb_5_1_66.nasl - Type : ACT_GATHER_INFO
2012-12-04 Name : The remote database server is affected by a buffer overflow vulnerability.
File : mariadb_5_2_13.nasl - Type : ACT_GATHER_INFO
2012-12-04 Name : The remote database server is affected by a buffer overflow vulnerability.
File : mariadb_5_3_11.nasl - Type : ACT_GATHER_INFO
2012-12-04 Name : The remote database server is affected by a buffer overflow vulnerability.
File : mariadb_5_5_28a.nasl - Type : ACT_GATHER_INFO
2012-11-16 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20121114_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-11-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1462.nasl - Type : ACT_GATHER_INFO
2012-11-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1462.nasl - Type : ACT_GATHER_INFO
2012-11-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1621-1.nasl - Type : ACT_GATHER_INFO
2012-10-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_64.nasl - Type : ACT_GATHER_INFO
2012-10-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_65.nasl - Type : ACT_GATHER_INFO
2012-10-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_66.nasl - Type : ACT_GATHER_INFO
2012-10-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_26.nasl - Type : ACT_GATHER_INFO
2012-10-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_27.nasl - Type : ACT_GATHER_INFO
2012-10-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_28.nasl - Type : ACT_GATHER_INFO
2012-08-02 Name : The remote database server can be accessed without a valid password.
File : mysql_auth_bypass.nasl - Type : ACT_ATTACK
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120208_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120213_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120620_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-07-13 Name : The remote database server is affected by multiple unspecified vulnerabilities.
File : mysql_5_5_23.nasl - Type : ACT_GATHER_INFO
2012-07-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0874.nasl - Type : ACT_GATHER_INFO
2012-06-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2496.nasl - Type : ACT_GATHER_INFO
2012-06-27 Name : The remote Fedora host is missing a security update.
File : fedora_2012-9324.nasl - Type : ACT_GATHER_INFO
2012-06-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0874.nasl - Type : ACT_GATHER_INFO
2012-06-18 Name : The remote Fedora host is missing a security update.
File : fedora_2012-9308.nasl - Type : ACT_GATHER_INFO
2012-06-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1467-1.nasl - Type : ACT_GATHER_INFO
2012-06-11 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_63.nasl - Type : ACT_GATHER_INFO
2012-06-11 Name : The remote database server is affected by a security bypass vulnerability.
File : mysql_5_5_24.nasl - Type : ACT_GATHER_INFO
2012-04-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_62.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_22.nasl - Type : ACT_GATHER_INFO
2012-03-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1397-1.nasl - Type : ACT_GATHER_INFO
2012-03-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2429.nasl - Type : ACT_GATHER_INFO
2012-02-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0127.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0127.nasl - Type : ACT_GATHER_INFO
2012-02-13 Name : The remote Fedora host is missing a security update.
File : fedora_2012-0987.nasl - Type : ACT_GATHER_INFO
2012-02-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0105.nasl - Type : ACT_GATHER_INFO
2012-02-09 Name : The remote Fedora host is missing a security update.
File : fedora_2012-0972.nasl - Type : ACT_GATHER_INFO
2012-02-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0105.nasl - Type : ACT_GATHER_INFO
2012-01-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_0_95.nasl - Type : ACT_GATHER_INFO
2012-01-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_1_61.nasl - Type : ACT_GATHER_INFO
2012-01-19 Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_5_20.nasl - Type : ACT_GATHER_INFO

Alert History

Date : Information
2014-02-17 11:37:42 : Multiple Updates
2013-10-11 13:30:14 : Multiple Updates
2013-10-01 21:23:28 : Multiple Updates
2013-08-29 13:19:11 : First insertion