Executive Summary
Summary | |
---|---|
Title | MySQL vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-1397-1 | First vendor Publication | 2012-03-12 |
Vendor | Ubuntu | Last vendor Modification | 2012-03-12 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 8.5 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Several security issues were fixed in MySQL. Software Description: - mysql-5.1: MySQL database - mysql-dfsg-5.1: MySQL database - mysql-dfsg-5.0: MySQL database Details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: Ubuntu 11.04: Ubuntu 10.10: Ubuntu 10.04 LTS: Ubuntu 8.04 LTS: In general, a standard system update will make all the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-1397-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
29 % | CWE-399 | Resource Management Errors |
19 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
10 % | CWE-264 | Permissions, Privileges, and Access Controls |
10 % | CWE-134 | Uncontrolled Format String (CWE/SANS Top 25) |
5 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
5 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
5 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
5 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
5 % | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Command Injection') |
5 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
5 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10258 | |||
Oval ID: | oval:org.mitre.oval:def:10258 | ||
Title: | Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name. | ||
Description: | Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1848 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10521 | |||
Oval ID: | oval:org.mitre.oval:def:10521 | ||
Title: | MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. | ||
Description: | MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3963 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10591 | |||
Oval ID: | oval:org.mitre.oval:def:10591 | ||
Title: | MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. | ||
Description: | MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4098 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10846 | |||
Oval ID: | oval:org.mitre.oval:def:10846 | ||
Title: | Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. | ||
Description: | Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1850 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11116 | |||
Oval ID: | oval:org.mitre.oval:def:11116 | ||
Title: | MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. | ||
Description: | MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4030 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11349 | |||
Oval ID: | oval:org.mitre.oval:def:11349 | ||
Title: | mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. | ||
Description: | mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4019 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11390 | |||
Oval ID: | oval:org.mitre.oval:def:11390 | ||
Title: | The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. | ||
Description: | The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5925 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11456 | |||
Oval ID: | oval:org.mitre.oval:def:11456 | ||
Title: | Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67. | ||
Description: | Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4456 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11765 | |||
Oval ID: | oval:org.mitre.oval:def:11765 | ||
Title: | DSA-2057 mysql-dfsg-5.0 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: MySQL allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command. MySQL failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This allows an authenticated user with SELECT privileges on one table to obtain the field definitions of any table in all other databases and potentially of other MySQL instances accessible from the server's file system. MySQL could be tricked to read packets indefinitely if it received a packet larger than the maximum size of one packet. This results in high CPU usage and thus denial of service conditions. MySQL was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflown, which could be exploited by an authenticated user to inject malicious code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2057 CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | mysql-dfsg-5.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11857 | |||
Oval ID: | oval:org.mitre.oval:def:11857 | ||
Title: | Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. | ||
Description: | Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2446 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11869 | |||
Oval ID: | oval:org.mitre.oval:def:11869 | ||
Title: | Oracle MySQL 'ALTER DATABASE' Remote Denial Of Service Vulnerability | ||
Description: | MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2008 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | MySQL Server 5.1 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12161 | |||
Oval ID: | oval:org.mitre.oval:def:12161 | ||
Title: | DSA-2143-1 mysql-dfsg-5.0 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3677 It was discovered that MySQL allows remote authenticated users to cause a denial of service via a join query that uses a table with a unique SET column. CVE-2010-3680 It was discovered that MySQL allows remote authenticated users to cause a denial of service by creating temporary tables while using InnoDB, which triggers an assertion failure. CVE-2010-3681 It was discovered that MySQL allows remote authenticated users to cause a denial of service by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure. CVE-2010-3682 It was discovered that MySQL incorrectly handled use of EXPLAIN with certain queries. An authenticated user could crash the server. CVE-2010-3833 It was discovered that MySQL incorrectly handled propagation during evaluation of arguments to extreme-value functions. An authenticated user could crash the server. CVE-2010-3834 It was discovered that MySQL incorrectly handled materializing a derived table that required a temporary table for grouping. An authenticated user could crash the server. CVE-2010-3835 It was discovered that MySQL incorrectly handled certain user-variable assignment expressions that are evaluated in a logical expression context. An authenticated user could crash the server. CVE-2010-3836 It was discovered that MySQL incorrectly handled pre-evaluation of LIKE predicates during view preparation. An authenticated user could crash the server. CVE-2010-3837 It was discovered that MySQL incorrectly handled using GROUP_CONCAT and WITH ROLLUP together. An authenticated user could crash the server. CVE-2010-3838 It was discovered that MySQL incorrectly handled certain queries using a mixed list of numeric and LONGBLOB arguments to the GREATEST or LEAST functions. An authenticated user could crash the server. CVE-2010-3840 It was discovered that MySQL incorrectly handled improper WKB data passed to the PolyFromWKB function. An authenticated user could crash the server. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2143-1 CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3840 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | mysql-dfsg-5.0 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12751 | |||
Oval ID: | oval:org.mitre.oval:def:12751 | ||
Title: | DSA-1877-1 mysql-dfsg-5.0 -- denial of service/execution of arbitrary code | ||
Description: | In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request. For the stable distribution, this problem has been fixed in version 5.0.51a-24+lenny2. For the old stable distribution, this problem has been fixed in version 5.0.32-7etch11. We recommend that you upgrade your mysql packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1877-1 CVE-2009-2446 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | mysql-dfsg-5.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12968 | |||
Oval ID: | oval:org.mitre.oval:def:12968 | ||
Title: | USN-950-1 -- mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities | ||
Description: | It was discovered that MySQL did not check privileges before uninstalling plugins. An authenticated user could uninstall arbitrary plugins, bypassing intended restrictions. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL could be made to delete another user�s data and index files. An authenticated user could use symlinks combined with the DROP TABLE command to possibly bypass privilege checks. It was discovered that MySQL incorrectly validated the table name argument of the COM_FIELD_LIST command. An authenticated user could use a specially- crafted table name to bypass privilege checks and possibly access other tables. Eric Day discovered that MySQL incorrectly handled certain network packets. A remote attacker could exploit this flaw and cause the server to consume all available resources, resulting in a denial of service. It was discovered that MySQL performed incorrect bounds checking on the table name argument of the COM_FIELD_LIST command. An authenticated user could use a specially-crafted table name to cause a denial of service or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-950-1 CVE-2010-1621 CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | mysql-dfsg-5.0 mysql-dfsg-5.1 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13088 | |||
Oval ID: | oval:org.mitre.oval:def:13088 | ||
Title: | USN-897-1 -- mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities | ||
Description: | It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. This issue only affected Ubuntu 8.10. It was discovered that MySQL contained a cross-site scripting vulnerability in the command-line client when the --html option is enabled. An attacker could place arbitrary web script or html in a database cell, which would then get placed in the html document output by the command-line tool. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use symlinks combined with the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This issue only affected Ubuntu 9.10. It was discovered that MySQL contained multiple format string flaws when logging database creation and deletion. An authenticated user could use specially crafted database names to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. It was discovered that MySQL incorrectly handled errors when performing certain SELECT statements, and did not preserve correct flags when performing statements that use the GeomFromWKB function. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly checked symlinks when using the DATA DIRECTORY and INDEX DIRECTORY options. A local user could use symlinks to create tables that pointed to tables known to be created at a later time, bypassing access restrictions. It was discovered that MySQL contained a buffer overflow when parsing ssl certificates. A remote attacker could send crafted requests and cause a denial of service or possibly execute arbitrary code. This issue did not affect Ubuntu 6.06 LTS and the default compiler options for affected releases should reduce the vulnerability to a denial of service. In the default installation, attackers would also be isolated by the AppArmor MySQL profile | ||
Family: | unix | Class: | patch |
Reference(s): | USN-897-1 CVE-2008-4098 CVE-2008-4456 CVE-2008-7247 CVE-2009-2446 CVE-2009-4019 CVE-2009-4030 CVE-2009-4484 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | mysql-dfsg-5.0 mysql-dfsg-5.1 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13286 | |||
Oval ID: | oval:org.mitre.oval:def:13286 | ||
Title: | DSA-2057-1 mysql-dfsg-5.0 -- several | ||
Description: | Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1626 MySQL allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command. CVE-2010-1848 MySQL failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This allows an authenticated user with SELECT privileges on one table to obtain the field definitions of any table in all other databases and potentially of other MySQL instances accessible from the server's file system. CVE-2010-1849 MySQL could be tricked to read packets indefinitely if it received a packet larger than the maximum size of one packet. This results in high CPU usage and thus denial of service conditions. CVE-2010-1850 MySQL was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflown, which could be exploited by an authenticated user to inject malicious code. For the stable distribution, these problems have been fixed in version 5.0.51a-24+lenny4 The testing and unstable distribution do not contain mysql-dfsg-5.0 anymore. We recommend that you upgrade your mysql-dfsg-5.0 package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2057-1 CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | mysql-dfsg-5.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13602 | |||
Oval ID: | oval:org.mitre.oval:def:13602 | ||
Title: | USN-1017-1 -- mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities | ||
Description: | It was discovered that MySQL incorrectly handled certain requests with the UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled joins involving a table with a unique SET column. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled NULL arguments to IN or CASE operations. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled malformed arguments to the BINLOG statement. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled the use of TEMPORARY InnoDB tables with nullable columns. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled alternate reads from two indexes on a table using the HANDLER interface. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled use of EXPLAIN with certain queries. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled error reporting when using LOAD DATA INFILE and would incorrectly raise an assert in certain circumstances. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly handled propagation during evaluation of arguments to extreme-value functions. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. It was discovered that MySQL incorrectly handled materializing a derived table that required a temporary table for grouping. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled certain user-variable assignment expressions that are evaluated in a logical expression context. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. It was discovered that MySQL incorrectly handled pre-evaluation of LIKE predicates during view preparation. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled using GROUP_CONCAT and WITH ROLLUP together. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled certain queries using a mixed list of numeric and LONGBLOB arguments to the GREATEST or LEAST functions. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly handled queries with nested joins when used from stored procedures and prepared statements. An authenticated user could exploit this to make MySQL hang, causing a denial of service. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. It was discovered that MySQL incorrectly handled improper WKB data passed to the PolyFromWKB function. An authenticated user could exploit this to make MySQL crash, causing a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1017-1 CVE-2010-2008 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 | Product(s): | mysql-5.1 mysql-dfsg-5.0 mysql-dfsg-5.1 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15023 | |||
Oval ID: | oval:org.mitre.oval:def:15023 | ||
Title: | DSA-2429-1 mysql-5.1 -- several | ||
Description: | Several security vulnerabilities were discovered in MySQL, a database management system. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.61, which includes additional changes, such as performance improvements and corrections for data loss defects | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2429-1 CVE-2011-2262 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101 CVE-2012-0102 CVE-2012-0112 CVE-2012-0113 CVE-2012-0114 CVE-2012-0115 CVE-2012-0116 CVE-2012-0118 CVE-2012-0119 CVE-2012-0120 CVE-2012-0484 CVE-2012-0485 CVE-2012-0490 CVE-2012-0492 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | mysql-5.1 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16963 | |||
Oval ID: | oval:org.mitre.oval:def:16963 | ||
Title: | USN-671-1 -- mysql-dfsg-5.0 vulnerabilities | ||
Description: | It was discovered that MySQL could be made to overwrite existing table files in the data directory. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-671-1 CVE-2008-2079 CVE-2008-4097 CVE-2008-4098 CVE-2008-3963 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | mysql-dfsg-5.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20084 | |||
Oval ID: | oval:org.mitre.oval:def:20084 | ||
Title: | DSA-1997-1 mysql-dfsg-5.0 - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the MySQL database server. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1997-1 CVE-2009-4019 CVE-2009-4030 CVE-2009-4484 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 | Product(s): | mysql-dfsg-5.0 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20178 | |||
Oval ID: | oval:org.mitre.oval:def:20178 | ||
Title: | DSA-1783-1 mysql-dfsg-5.0 - several vulnerabilities | ||
Description: | Multiple vulnerabilities have been identified affecting MySQL, a relational database server, and its associated interactive client application. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1783-1 CVE-2008-3963 CVE-2008-4456 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 | Product(s): | mysql-dfsg-5.0 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20366 | |||
Oval ID: | oval:org.mitre.oval:def:20366 | ||
Title: | DSA-1413-1 mysql - multiple | ||
Description: | Several vulnerabilities have been found in the MySQL database packages with implications ranging from unauthorised database modifications to remotely triggered server crashes. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1413-1 CVE-2007-2583 CVE-2007-2691 CVE-2007-2692 CVE-2007-3780 CVE-2007-3782 CVE-2007-5925 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | mysql-dfsg-5.0 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20957 | |||
Oval ID: | oval:org.mitre.oval:def:20957 | ||
Title: | RHSA-2012:0127: mysql security update (Moderate) | ||
Description: | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0127-01 CESA-2012:0127 CVE-2010-1849 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101 CVE-2012-0102 CVE-2012-0114 CVE-2012-0484 CVE-2012-0490 | Version: | 107 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21419 | |||
Oval ID: | oval:org.mitre.oval:def:21419 | ||
Title: | RHSA-2010:0109: mysql security update (Moderate) | ||
Description: | MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0109-01 CESA-2010:0109 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 | Version: | 42 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21851 | |||
Oval ID: | oval:org.mitre.oval:def:21851 | ||
Title: | ELSA-2007:1155: mysql security update (Important) | ||
Description: | MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:1155-01 CVE-2007-5969 CVE-2007-5925 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22134 | |||
Oval ID: | oval:org.mitre.oval:def:22134 | ||
Title: | RHSA-2010:0442: mysql security update (Important) | ||
Description: | Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0442-01 CESA-2010:0442 CVE-2010-1626 CVE-2010-1848 CVE-2010-1850 | Version: | 42 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22337 | |||
Oval ID: | oval:org.mitre.oval:def:22337 | ||
Title: | RHSA-2010:0825: mysql security update (Moderate) | ||
Description: | The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0825-01 CESA-2010:0825 CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 | Version: | 146 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22758 | |||
Oval ID: | oval:org.mitre.oval:def:22758 | ||
Title: | ELSA-2010:0109: mysql security update (Moderate) | ||
Description: | MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0109-01 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22888 | |||
Oval ID: | oval:org.mitre.oval:def:22888 | ||
Title: | ELSA-2009:1289: mysql security and bug fix update (Moderate) | ||
Description: | Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1289-02 CVE-2008-2079 CVE-2008-3963 CVE-2008-4456 CVE-2009-2446 | Version: | 21 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23130 | |||
Oval ID: | oval:org.mitre.oval:def:23130 | ||
Title: | ELSA-2010:0442: mysql security update (Important) | ||
Description: | Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0442-01 CVE-2010-1626 CVE-2010-1848 CVE-2010-1850 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23210 | |||
Oval ID: | oval:org.mitre.oval:def:23210 | ||
Title: | ELSA-2010:0825: mysql security update (Moderate) | ||
Description: | The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0825-01 CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 | Version: | 49 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23295 | |||
Oval ID: | oval:org.mitre.oval:def:23295 | ||
Title: | ELSA-2012:0127: mysql security update (Moderate) | ||
Description: | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0127-01 CVE-2010-1849 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101 CVE-2012-0102 CVE-2012-0114 CVE-2012-0484 CVE-2012-0490 | Version: | 37 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27723 | |||
Oval ID: | oval:org.mitre.oval:def:27723 | ||
Title: | DEPRECATED: ELSA-2010-0825 -- mysql security update (moderate) | ||
Description: | [5.0.77-4.4] - Add fixes for CVE-2010-3677, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3833, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838, CVE-2010-3839, CVE-2010-3840 Resolves: #645642 - Backpatch strmov fix so that code can be tested on more recent platforms | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0825 CVE-2010-3677 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27920 | |||
Oval ID: | oval:org.mitre.oval:def:27920 | ||
Title: | DEPRECATED: ELSA-2012-0127 -- mysql security update (moderate) | ||
Description: | [5.0.95-1.el5_7.1] - Update to 5.0.95, to get the last upstream bugfixes in this release series including numerous CVEs announced in January 2012 Resolves: #787140 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0127 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101 CVE-2012-0102 CVE-2012-0114 CVE-2012-0484 CVE-2012-0490 CVE-2010-1849 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28096 | |||
Oval ID: | oval:org.mitre.oval:def:28096 | ||
Title: | DEPRECATED: ELSA-2010-0442 -- mysql security update (important) | ||
Description: | [5.0.77-4.3] - Add fixes for CVE-2010-1626, CVE-2010-1848, CVE-2010-1850 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0442 CVE-2010-1626 CVE-2010-1848 CVE-2010-1850 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28197 | |||
Oval ID: | oval:org.mitre.oval:def:28197 | ||
Title: | DEPRECATED: ELSA-2011-0164 -- mysql security update (moderate) | ||
Description: | [5.1.52-1.1] - Update to MySQL 5.1.52, for various fixes described at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html including numerous small security issues Resolves: #652553 - Sync with current Fedora package; this includes: - Duplicate COPYING and EXCEPTIONS-CLIENT in -libs and -embedded subpackages, to ensure they are available when any subset of mysql RPMs are installed, per revised packaging guidelines - Allow init script's STARTTIMEOUT/STOPTIMEOUT to be overridden from sysconfig | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0164 CVE-2010-3677 CVE-2010-3678 CVE-2010-3679 CVE-2010-3680 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 CVE-2010-3833 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3839 CVE-2010-3840 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | mysql |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28260 | |||
Oval ID: | oval:org.mitre.oval:def:28260 | ||
Title: | DEPRECATED: ELSA-2010-0109 -- mysql security update (moderate) | ||
Description: | [5.0.77-4.2] - Add fixes for CVE-2009-4019, CVE-2009-4028, CVE-2009-4030 Resolves: #556505 - Use non-expired certificates for SSL testing (upstream bug 50702) - Emit explicit error message if user tries to build RPM as root - Add comment suggesting disabling symbolic links in /etc/my.cnf | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0109 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28888 | |||
Oval ID: | oval:org.mitre.oval:def:28888 | ||
Title: | RHSA-2009:1289 -- mysql security and bug fix update (Moderate) | ||
Description: | Updated mysql packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1289 CESA-2009:1289-CentOS 5 CVE-2008-2079 CVE-2008-3963 CVE-2008-4456 CVE-2009-2446 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | mysql |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6693 | |||
Oval ID: | oval:org.mitre.oval:def:6693 | ||
Title: | Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability | ||
Description: | Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-1850 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | MySQL Server 5.0 MySQL Server 5.1 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6799 | |||
Oval ID: | oval:org.mitre.oval:def:6799 | ||
Title: | DSA-1997 mysql-dfsg-5.0 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: Domas Mituzas discovered that mysqld does not properly handle errors during execution of certain SELECT statements with subqueries, and does not preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service via a crafted statement. Sergei Golubchik discovered that MySQL allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory. Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld, allow remote attackers to execute arbitrary code or cause a denial of service by establishing an SSL connection and sending an X.509 client certificate with a crafted name field. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1997 CVE-2009-4019 CVE-2009-4030 CVE-2009-4484 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | mysql-dfsg-5.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7210 | |||
Oval ID: | oval:org.mitre.oval:def:7210 | ||
Title: | Oracle MySQL 'COM_FIELD_LIST' Command Packet Security Bypass Vulnerability | ||
Description: | Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-1848 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | MySQL Server 5.0 MySQL Server 5.1 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7328 | |||
Oval ID: | oval:org.mitre.oval:def:7328 | ||
Title: | Oracle MySQL Malformed Packet Handling Remote Denial of Service Vulnerability | ||
Description: | The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-1849 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | MySQL Server 5.0 MySQL Server 5.1 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7877 | |||
Oval ID: | oval:org.mitre.oval:def:7877 | ||
Title: | DSA-1783 mysql-dfsg-5.0 -- multiple vulnerabilities | ||
Description: | Multiple vulnerabilities have been identified affecting MySQL, a relational database server, and its associated interactive client application. The Common Vulnerabilities and Exposures project identifies the following two problems: Kay Roepke reported that the MySQL server would not properly handle an empty bit-string literal in an SQL statement, allowing an authenticated remote attacker to cause a denial of service (a crash) in mysqld. This issue affects the oldstable distribution (etch), but not the stable distribution (lenny). Thomas Henlich reported that the MySQL commandline client application did not encode HTML special characters when run in HTML output mode (that is, "mysql --html ..."). This could potentially lead to cross-site scripting or unintended script privilege escalation if the resulting output is viewed in a browser or incorporated into a web site. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1783 CVE-2008-3963 CVE-2008-4456 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | mysql-dfsg-5.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7905 | |||
Oval ID: | oval:org.mitre.oval:def:7905 | ||
Title: | DSA-1877 mysql-dfsg-5.0 -- denial of service/execution of arbitrary code | ||
Description: | In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command() function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service (daemon crash) and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1877 CVE-2009-2446 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | mysql-dfsg-5.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8156 | |||
Oval ID: | oval:org.mitre.oval:def:8156 | ||
Title: | MySQL 5.1 Privilege Bypass with DATA/INDEX DIRECTORY | ||
Description: | MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-4030 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | MySQL Server 5.1 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8500 | |||
Oval ID: | oval:org.mitre.oval:def:8500 | ||
Title: | MySQL 5.0 and 5.1 SELECT Statement DOS Vulnerability | ||
Description: | mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-4019 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | MySQL Server 5.0 MySQL Server 5.1 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9490 | |||
Oval ID: | oval:org.mitre.oval:def:9490 | ||
Title: | MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. | ||
Description: | MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1626 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for mysql CESA-2012:0105 centos6 File : nvt/gb_CESA-2012_0105_mysql_centos6.nasl |
2012-07-30 | Name : CentOS Update for mysql CESA-2012:0127 centos5 File : nvt/gb_CESA-2012_0127_mysql_centos5.nasl |
2012-07-09 | Name : RedHat Update for mysql RHSA-2012:0105-01 File : nvt/gb_RHSA-2012_0105-01_mysql.nasl |
2012-06-05 | Name : RedHat Update for mysql RHSA-2011:0164-01 File : nvt/gb_RHSA-2011_0164-01_mysql.nasl |
2012-04-30 | Name : Debian Security Advisory DSA 2429-1 (mysql-5.1) File : nvt/deb_2429_1.nasl |
2012-04-02 | Name : Fedora Update for mysql FEDORA-2012-0972 File : nvt/gb_fedora_2012_0972_mysql_fc16.nasl |
2012-03-16 | Name : Ubuntu Update for mysql-5.1 USN-1397-1 File : nvt/gb_ubuntu_USN_1397_1.nasl |
2012-02-21 | Name : RedHat Update for mysql RHSA-2012:0127-01 File : nvt/gb_RHSA-2012_0127-01_mysql.nasl |
2012-02-13 | Name : Fedora Update for mysql FEDORA-2012-0987 File : nvt/gb_fedora_2012_0987_mysql_fc15.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-02 (MySQL) File : nvt/glsa_201201_02.nasl |
2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
2011-08-19 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004) File : nvt/secpod_macosx_su11-004.nasl |
2011-08-09 | Name : CentOS Update for mysql CESA-2009:1289 centos5 i386 File : nvt/gb_CESA-2009_1289_mysql_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for mysql CESA-2010:0109 centos5 i386 File : nvt/gb_CESA-2010_0109_mysql_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for mysql CESA-2010:0442 centos5 i386 File : nvt/gb_CESA-2010_0442_mysql_centos5_i386.nasl |
2011-01-21 | Name : Mandriva Update for mysql MDVSA-2011:012 (mysql) File : nvt/gb_mandriva_MDVSA_2011_012.nasl |
2011-01-21 | Name : MySQL 'Gis_line_string::init_from_wkb()' DOS Vulnerability File : nvt/gb_mysql_gis_line_string_dos_vuln.nasl |
2011-01-21 | Name : MySQL Denial of Service (infinite loop) Vulnerabilities File : nvt/gb_mysql_infinite_loop_dos_vuln.nasl |
2011-01-21 | Name : MySQL Multiple Denial of Service Vulnerabilities File : nvt/gb_mysql_mult_dos_vuln_jan11.nasl |
2011-01-18 | Name : MySQL Handler Multiple Denial Of Service Vulnerabilities File : nvt/gb_mysql_handler_mult_dos_vuln.nasl |
2011-01-18 | Name : MySQL Multiple Denial Of Service Vulnerabilities File : nvt/gb_mysql_mult_dos_vuln.nasl |
2011-01-18 | Name : MySQL Mysqld Multiple Denial Of Service Vulnerabilities File : nvt/gb_mysql_mysqld_mult_dos_vuln.nasl |
2010-12-02 | Name : Fedora Update for mysql FEDORA-2010-15147 File : nvt/gb_fedora_2010_15147_mysql_fc14.nasl |
2010-11-16 | Name : CentOS Update for mysql CESA-2010:0824 centos4 i386 File : nvt/gb_CESA-2010_0824_mysql_centos4_i386.nasl |
2010-11-16 | Name : RedHat Update for mysql RHSA-2010:0824-01 File : nvt/gb_RHSA-2010_0824-01_mysql.nasl |
2010-11-16 | Name : RedHat Update for mysql RHSA-2010:0825-01 File : nvt/gb_RHSA-2010_0825-01_mysql.nasl |
2010-11-16 | Name : Mandriva Update for mysql MDVSA-2010:155-1 (mysql) File : nvt/gb_mandriva_MDVSA_2010_155_1.nasl |
2010-11-16 | Name : Mandriva Update for mysql MDVSA-2010:222 (mysql) File : nvt/gb_mandriva_MDVSA_2010_222.nasl |
2010-11-16 | Name : Mandriva Update for mysql MDVSA-2010:223 (mysql) File : nvt/gb_mandriva_MDVSA_2010_223.nasl |
2010-11-16 | Name : Ubuntu Update for MySQL vulnerabilities USN-1017-1 File : nvt/gb_ubuntu_USN_1017_1.nasl |
2010-11-10 | Name : Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities File : nvt/gb_mysql_43676.nasl |
2010-10-19 | Name : Fedora Update for mysql FEDORA-2010-15166 File : nvt/gb_fedora_2010_15166_mysql_fc13.nasl |
2010-09-07 | Name : Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities File : nvt/gb_mysql_5_1_49.nasl |
2010-08-30 | Name : Oracle MySQL 'TEMPORARY InnoDB' Tables Denial Of Service Vulnerability File : nvt/gb_mysql_42598.nasl |
2010-08-24 | Name : Mandriva Update for mysql MDVSA-2010:155 (mysql) File : nvt/gb_mandriva_MDVSA_2010_155.nasl |
2010-08-06 | Name : Fedora Update for mysql FEDORA-2010-11126 File : nvt/gb_fedora_2010_11126_mysql_fc12.nasl |
2010-07-30 | Name : Fedora Update for mysql FEDORA-2010-11135 File : nvt/gb_fedora_2010_11135_mysql_fc13.nasl |
2010-07-19 | Name : MySQL 'ALTER DATABASE' Remote Denial Of Service Vulnerability File : nvt/gb_mysql_databse_dos_vuln.nasl |
2010-06-11 | Name : Fedora Update for mysql FEDORA-2010-9016 File : nvt/gb_fedora_2010_9016_mysql_fc13.nasl |
2010-06-11 | Name : Fedora Update for mysql FEDORA-2010-9053 File : nvt/gb_fedora_2010_9053_mysql_fc12.nasl |
2010-06-11 | Name : Fedora Update for mysql FEDORA-2010-9061 File : nvt/gb_fedora_2010_9061_mysql_fc11.nasl |
2010-06-11 | Name : MySQL Multiple Vulnerabilities File : nvt/gb_mysql_mult_vuln.nasl |
2010-06-11 | Name : Ubuntu Update for MySQL vulnerabilities USN-950-1 File : nvt/gb_ubuntu_USN_950_1.nasl |
2010-06-10 | Name : Debian Security Advisory DSA 2057-1 (mysql-dfsg-5.0) File : nvt/deb_2057_1.nasl |
2010-05-28 | Name : RedHat Update for mysql RHSA-2010:0442-01 File : nvt/gb_RHSA-2010_0442-01_mysql.nasl |
2010-05-28 | Name : Mandriva Update for mysql MDVSA-2010:101 (mysql) File : nvt/gb_mandriva_MDVSA_2010_101.nasl |
2010-05-28 | Name : Mandriva Update for mysql MDVSA-2010:107 (mysql) File : nvt/gb_mandriva_MDVSA_2010_107.nasl |
2010-05-27 | Name : MySQL < 5.1.47 Multiple Vulnerabilities File : nvt/gb_mysql_5_1_47.nasl |
2010-05-19 | Name : Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability File : nvt/gb_mysql_40106.nasl |
2010-05-17 | Name : Fedora Update for mysql FEDORA-2010-7355 File : nvt/gb_fedora_2010_7355_mysql_fc11.nasl |
2010-05-17 | Name : Fedora Update for mysql FEDORA-2010-7414 File : nvt/gb_fedora_2010_7414_mysql_fc12.nasl |
2010-05-17 | Name : Mandriva Update for mysql MDVSA-2010:093 (mysql) File : nvt/gb_mandriva_MDVSA_2010_093.nasl |
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2010-04-20 | Name : MySQL UNINSTALL PLUGIN Security Bypass Vulnerability File : nvt/gb_mysql_39543.nasl |
2010-03-22 | Name : Mandriva Update for timezone MDVA-2010:101 (timezone) File : nvt/gb_mandriva_MDVA_2010_101.nasl |
2010-03-22 | Name : Mandriva Update for pulseaudio MDVA-2010:107 (pulseaudio) File : nvt/gb_mandriva_MDVA_2010_107.nasl |
2010-03-12 | Name : Mandriva Update for mdkonline MDVA-2010:093 (mdkonline) File : nvt/gb_mandriva_MDVA_2010_093.nasl |
2010-03-02 | Name : Fedora Update for mysql FEDORA-2010-1300 File : nvt/gb_fedora_2010_1300_mysql_fc11.nasl |
2010-03-02 | Name : Fedora Update for mysql FEDORA-2010-1348 File : nvt/gb_fedora_2010_1348_mysql_fc12.nasl |
2010-02-22 | Name : Mandriva Update for mysql MDVSA-2010:044 (mysql) File : nvt/gb_mandriva_MDVSA_2010_044.nasl |
2010-02-19 | Name : CentOS Update for mysql CESA-2010:0110 centos4 i386 File : nvt/gb_CESA-2010_0110_mysql_centos4_i386.nasl |
2010-02-19 | Name : RedHat Update for mysql RHSA-2010:0109-01 File : nvt/gb_RHSA-2010_0109-01_mysql.nasl |
2010-02-19 | Name : RedHat Update for mysql RHSA-2010:0110-01 File : nvt/gb_RHSA-2010_0110-01_mysql.nasl |
2010-02-15 | Name : Ubuntu Update for MySQL vulnerabilities USN-897-1 File : nvt/gb_ubuntu_USN_897_1.nasl |
2010-01-29 | Name : Mandriva Update for mmc MDVA-2010:044 (mmc) File : nvt/gb_mandriva_MDVA_2010_044.nasl |
2010-01-19 | Name : Mandriva Update for mysql MDVSA-2010:011 (mysql) File : nvt/gb_mandriva_MDVSA_2010_011.nasl |
2010-01-19 | Name : Mandriva Update for mysql MDVSA-2010:012 (mysql) File : nvt/gb_mandriva_MDVSA_2010_012.nasl |
2010-01-11 | Name : MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability File : nvt/mysql_37640.nasl |
2010-01-04 | Name : MySQL Server Buffer Overflow Vulnerability (Linux) File : nvt/secpod_mysql_bof_vuln_lin.nasl |
2009-12-30 | Name : Fedora Core 12 FEDORA-2009-13466 (mysql) File : nvt/fcore_2009_13466.nasl |
2009-12-30 | Name : Fedora Core 11 FEDORA-2009-13504 (mysql) File : nvt/fcore_2009_13504.nasl |
2009-12-14 | Name : Fedora Core 10 FEDORA-2009-12180 (mysql) File : nvt/fcore_2009_12180.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:326 (mysql) File : nvt/mdksa_2009_326.nasl |
2009-12-04 | Name : MySQL Authenticated Access Restrictions Bypass Vulnerability File : nvt/gb_mysql_auth_bypass_vuln.nasl |
2009-12-04 | Name : MySQL Authenticated Access Restrictions Bypass Vulnerability (Linux) File : nvt/gb_mysql_auth_bypass_vuln_lin.nasl |
2009-12-04 | Name : MySQL Denial Of Service and Spoofing Vulnerabilities File : nvt/gb_mysql_dos_n_spoofing_vuln.nasl |
2009-11-20 | Name : MySQL multiple Vulnerabilities File : nvt/mysql_multiple_vuln.nasl |
2009-10-13 | Name : SLES10: Security update for MySQL File : nvt/sles10_mysql.nasl |
2009-10-13 | Name : SLES10: Security update for MySQL File : nvt/sles10_mysql0.nasl |
2009-10-11 | Name : SLES11: Security update for MySQL File : nvt/sles11_libmysqlclient1.nasl |
2009-10-10 | Name : SLES9: Security update for MySQL File : nvt/sles9p5021882.nasl |
2009-10-10 | Name : SLES9: Security update for MySQL File : nvt/sles9p5040120.nasl |
2009-10-10 | Name : SLES9: Security update for MySQL File : nvt/sles9p5056120.nasl |
2009-09-28 | Name : RedHat Security Advisory RHSA-2009:1461 File : nvt/RHSA_2009_1461.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1289 (mysql) File : nvt/ovcesa2009_1289.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1289 File : nvt/RHSA_2009_1289.nasl |
2009-09-09 | Name : Debian Security Advisory DSA 1877-1 (mysql-dfsg-5.0) File : nvt/deb_1877_1.nasl |
2009-09-09 | Name : SuSE Security Summary SUSE-SR:2009:014 File : nvt/suse_sr_2009_014.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:179 (mysql) File : nvt/mdksa_2009_179.nasl |
2009-07-29 | Name : Mandrake Security Advisory MDVSA-2009:159 (mysql) File : nvt/mdksa_2009_159.nasl |
2009-07-17 | Name : MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities File : nvt/gb_mysql_mult_format_string_vuln.nasl |
2009-06-05 | Name : RedHat Security Advisory RHSA-2009:1067 File : nvt/RHSA_2009_1067.nasl |
2009-06-05 | Name : Ubuntu USN-763-1 (xine-lib) File : nvt/ubuntu_763_1.nasl |
2009-04-28 | Name : Mandrake Security Advisory MDVSA-2009:094 (mysql) File : nvt/mdksa_2009_094.nasl |
2009-04-23 | Name : MySQL MyISAM Table Privileges Secuity Bypass Vulnerability File : nvt/mysql_29106.nasl |
2009-04-09 | Name : Mandriva Update for MySQL MDKSA-2007:243 (MySQL) File : nvt/gb_mandriva_MDKSA_2007_243.nasl |
2009-03-23 | Name : Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-559-1 File : nvt/gb_ubuntu_USN_559_1.nasl |
2009-03-23 | Name : Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-671-1 File : nvt/gb_ubuntu_USN_671_1.nasl |
2009-03-06 | Name : RedHat Update for mysql RHSA-2007:1155-01 File : nvt/gb_RHSA-2007_1155-01_mysql.nasl |
2009-02-27 | Name : CentOS Update for mysql CESA-2007:1155 centos4 i386 File : nvt/gb_CESA-2007_1155_mysql_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for mysql CESA-2007:1155 centos4 x86_64 File : nvt/gb_CESA-2007_1155_mysql_centos4_x86_64.nasl |
2009-02-27 | Name : Fedora Update for mysql FEDORA-2007-4465 File : nvt/gb_fedora_2007_4465_mysql_fc8.nasl |
2009-02-27 | Name : Fedora Update for mysql FEDORA-2007-4471 File : nvt/gb_fedora_2007_4471_mysql_fc7.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1) File : nvt/suse_sr_2009_001.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0) File : nvt/suse_sr_2009_001a.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3) File : nvt/suse_sr_2009_001b.nasl |
2009-01-13 | Name : FreeBSD Ports: mysql-server File : nvt/freebsd_mysql-server16.nasl |
2009-01-02 | Name : FreeBSD Ports: mysql-server File : nvt/freebsd_mysql-server15.nasl |
2008-11-19 | Name : Debian Security Advisory DSA 1662-1 (mysql-dfsg-5.0) File : nvt/deb_1662_1.nasl |
2008-10-03 | Name : FreeBSD Ports: mysql-client File : nvt/freebsd_mysql-client0.nasl |
2008-09-25 | Name : MySQL Empty Bit-String Literal Denial of Service Vulnerability File : nvt/secpod_mysql_dos_vuln_900221.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-25 (mysql) File : nvt/glsa_200711_25.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1413-1 (mysql-dfsg, mysql-dfsg-5.0, mysql-dfsg-4.1) File : nvt/deb_1413_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-348-01 mysql File : nvt/esoft_slk_ssa_2007_348_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78394 | Oracle MySQL Server Unspecified Remote DoS (2012-0493) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78393 | Oracle MySQL Server Unspecified Remote DoS (2012-0492) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78392 | Oracle MySQL Server Unspecified Remote DoS (2012-0117) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78391 | Oracle MySQL Server Unspecified Remote DoS (2012-0112) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78390 | Oracle MySQL Server Unspecified Remote DoS (2012-0495) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78389 | Oracle MySQL Server Unspecified Remote DoS (2012-0491) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78388 | Oracle MySQL Server Unspecified Remote DoS (2012-0490) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78387 | Oracle MySQL Server Unspecified Remote DoS (2012-0489) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78386 | Oracle MySQL Server Unspecified Remote DoS (2012-0488) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78385 | Oracle MySQL Server Unspecified Remote DoS (2012-0487) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78384 | Oracle MySQL Server Unspecified Remote DoS (2012-0486) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78383 | Oracle MySQL Server Unspecified Remote DoS (2012-0485) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78382 | Oracle MySQL Server Unspecified Remote DoS (2012-0120) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78381 | Oracle MySQL Server Unspecified Remote DoS (2012-0119) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78380 | Oracle MySQL Server Unspecified Remote DoS (2012-0115) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78379 | Oracle MySQL Server Unspecified Remote DoS (2012-0102) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78378 | Oracle MySQL Server Unspecified Remote DoS (2012-0101) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78377 | Oracle MySQL Server Unspecified Remote DoS (2012-0087) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78376 | Oracle MySQL Server Unspecified Remote DoS (2011-2262) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service, resulting in a loss of availability. |
78375 | Oracle MySQL Server Unspecified Local DoS Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a local denial of service, resulting in a loss of availability. |
78374 | Oracle MySQL Server Unspecified Remote Issue (2012-0075) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote attacker to cause a loss of integrity. |
78373 | Oracle MySQL Server Unspecified Local Issue Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a local attacker to cause a loss in confidentiality and integrity. |
78372 | Oracle MySQL Server Unspecified Remote Information Disclosure Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote information disclosure, resulting in a loss of confidentiality. |
78371 | Oracle MySQL Server Unspecified Remote Issue (2012-0496) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service or information disclosure, resulting in a loss of availability and confidentiality. |
78370 | Oracle MySQL Server Unspecified Remote Issue (2012-0118) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service or information disclosure, resulting in a loss of availability and confidentiality. |
78369 | Oracle MySQL Server Unspecified Remote Issue (2012-0116) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote authenticated attacker to cause a loss of confidentiality and integrity. |
78368 | Oracle MySQL Server Unspecified Remote Issue (2012-0113) Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote denial of service or information disclosure, resulting in a loss of availability and confidentiality. |
69395 | MySQL Derived Table Grouping DoS |
69394 | MySQL Temporary Table Expression Re-Evaluation DoS |
69393 | MySQL GROUP_CONCAT() WITH ROLLUP Modifier DoS |
69392 | MySQL Extreme-Value Functions Mixed Arguments DoS |
69391 | MySQL Stored Procedures / Prepared Statements Nested Joins DoS |
69390 | MySQL Extreme-Value Functions Argument Parsing Type Error DoS |
69387 | MySQL LIKE Predicates Pre-Evaluation DoS |
69001 | MySQL PolyFromWKB() Function WKB Data Remote DoS MySQL contains a flaw that may allow a remote denial of service. The issue is triggered when an error in the 'PolyFromWKB()' function is exploited through the use of specially crafted WKB data, resulting in a denial of service. |
69000 | MySQL HANDLER Interface Unspecified READ Request DoS MySQL contains a flaw that may allow a remote denial of service. The issue is triggered when MySQL fails to properly process certain alternating READ requests provided by HANDLER statements. This may allow a remote, authenticated user to cause a loss of availability. |
67384 | MySQL LOAD DATA INFILE Statement Incorrect OK Packet DoS |
67383 | MySQL EXPLAIN Statement Item_singlerow_subselect::store Function NULL Derefer... |
67381 | MySQL InnoDB Temporary Table Handling DoS |
67380 | MySQL BINLOG Statement Unspecified Argument DoS |
67379 | MySQL Multiple Operation NULL Argument Handling DoS |
67378 | MySQL Unique SET Column Join DoS |
65851 | MySQL ALTER DATABASE #mysql50# Prefix Handling DoS |
64843 | MySQL DROP TABLE Command Symlink MyISAM Table Local Data Deletion |
64588 | MySQL Large Packet Infinite Read DoS |
64587 | MySQL COM_FIELD_LIST Command Packet Table Name Argument Overflow |
64586 | MySQL COM_FIELD_LIST Command Packet Authentication Bypass |
63903 | MySQL sql/sql_plugin.cc mysql_uninstall_plugin Function UNINSTALL PLUGIN Comm... |
61956 | yaSSL Certificate Name Handling Overflow |
60665 | MySQL CREATE TABLE MyISAM Table mysql_unpacked_real_data_home Local Restricti... |
60664 | MySQL sql/sql_table.cc Data Home Directory Symlink CREATE TABLE Access Restri... |
60489 | MySQL GeomFromWKB() Function First Argument Geometry Value Handling DoS |
60488 | MySQL SELECT Statement WHERE Clause Sub-query DoS |
55734 | MySQL sql_parse.cc dispatch_command() Function Format String DoS |
51171 | MySQL InnoDB convert_search_mode_to_innobase Function DoS |
48710 | MySQL Command Line Client HTML Output XSS |
48021 | MySQL Empty Bit-String Literal Token SQL Statement DoS |
44937 | MySQL MyISAM Table CREATE TABLE Privilege Check Bypass |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Database SELECT subquery denial of service attempt RuleID : 20053 - Revision : 7 - Type : SERVER-MYSQL |
2014-01-10 | Database unique set column denial of service attempt RuleID : 19094 - Revision : 12 - Type : SERVER-MYSQL |
2014-01-10 | Database unique set column denial of service attempt RuleID : 19093 - Revision : 12 - Type : SERVER-MYSQL |
2014-01-10 | IN NULL argument denial of service attempt RuleID : 19001 - Revision : 8 - Type : SERVER-MYSQL |
2014-01-10 | Database CASE NULL argument denial of service attempt RuleID : 19000 - Revision : 9 - Type : SERVER-MYSQL |
2014-01-10 | mysql_log COM_DROP_DB format string vulnerability exploit attempt RuleID : 16708 - Revision : 8 - Type : SERVER-MYSQL |
2014-01-10 | mysql_log COM_CREATE_DB format string vulnerability exploit attempt RuleID : 16707 - Revision : 8 - Type : SERVER-MYSQL |
2014-01-10 | Database COM_FIELD_LIST Buffer Overflow attempt RuleID : 16703 - Revision : 10 - Type : SERVER-MYSQL |
2014-01-10 | yaSSL library cert parsing stack overflow attempt RuleID : 16385 - Revision : 7 - Type : SERVER-MYSQL |
2014-01-10 | database Procedure Analyse denial of service attempt - 2 RuleID : 16349 - Revision : 7 - Type : SERVER-MYSQL |
2014-01-10 | database PROCEDURE ANALYSE denial of service attempt - 1 RuleID : 16348 - Revision : 7 - Type : SERVER-MYSQL |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_mysql_20130924.nasl - Type : ACT_GATHER_INFO |
2014-12-22 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10601.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14410.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL8178.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-273.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-274.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libmariadbclient16-110701.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libmysqlclient-devel-110607.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libmysqlclusterclient16-110706.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libmariadbclient16-110701.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libmysqlclient-devel-110607.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libmysqlclusterclient16-110706.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-44.nasl - Type : ACT_GATHER_INFO |
2013-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201308-06.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1155.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0109.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0110.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0442.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0824.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0825.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0164.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0105.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0127.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0121.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-120731.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1289.nasl - Type : ACT_GATHER_INFO |
2013-01-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0121.nasl - Type : ACT_GATHER_INFO |
2013-01-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130108_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0121.nasl - Type : ACT_GATHER_INFO |
2012-11-15 | Name : The remote database server is affected by a local user to bypass privilege ce... File : mysql_5_0_95_create_table_bypass.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071218_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090902_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100216_mysql_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100216_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100526_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101103_mysql_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101103_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110118_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120208_mysql_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120213_mysql_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-03-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1397-1.nasl - Type : ACT_GATHER_INFO |
2012-03-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2429.nasl - Type : ACT_GATHER_INFO |
2012-02-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0127.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0127.nasl - Type : ACT_GATHER_INFO |
2012-02-13 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0987.nasl - Type : ACT_GATHER_INFO |
2012-02-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0105.nasl - Type : ACT_GATHER_INFO |
2012-02-09 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0972.nasl - Type : ACT_GATHER_INFO |
2012-02-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0105.nasl - Type : ACT_GATHER_INFO |
2012-01-19 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_0_95.nasl - Type : ACT_GATHER_INFO |
2012-01-19 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_61.nasl - Type : ACT_GATHER_INFO |
2012-01-19 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_5_20.nasl - Type : ACT_GATHER_INFO |
2012-01-18 | Name : The remote database is vulnerable to a denial fo service attack. File : mysql_5_0_54_5_1_23_6_0_4_DoS.nasl - Type : ACT_GATHER_INFO |
2012-01-18 | Name : The remote database server is vulnerable to multiple denial of service attacks. File : mysql_5_0_92.nasl - Type : ACT_GATHER_INFO |
2012-01-18 | Name : The remote database server is affected by several buffer overflow vulnerabili... File : mysql_5_1_43_yaSSL.nasl - Type : ACT_GATHER_INFO |
2012-01-18 | Name : The remote database server is vulnerable to multiple denial of service attacks. File : mysql_5_5_6.nasl - Type : ACT_GATHER_INFO |
2012-01-18 | Name : Access restrictions can be bypassed on the remote database server. File : mysql_6_0_9.nasl - Type : ACT_GATHER_INFO |
2012-01-16 | Name : The remote database server is prone to a denial of service attack. File : mysql_5_0_38.nasl - Type : ACT_GATHER_INFO |
2012-01-16 | Name : A remote database client have a cross-site scripting vulnerability. File : mysql_6_0_14_XSS.nasl - Type : ACT_GATHER_INFO |
2012-01-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201201-02.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-111013.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-111014.nasl - Type : ACT_GATHER_INFO |
2011-06-24 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_6_8.nasl - Type : ACT_GATHER_INFO |
2011-06-24 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-004.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-012.nasl - Type : ACT_GATHER_INFO |
2011-01-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0164.nasl - Type : ACT_GATHER_INFO |
2011-01-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2143.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-100429.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-100930.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0824.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0825.nasl - Type : ACT_GATHER_INFO |
2010-11-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1017-1.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes security issues. File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-222.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-223.nasl - Type : ACT_GATHER_INFO |
2010-11-09 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12661.nasl - Type : ACT_GATHER_INFO |
2010-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0824.nasl - Type : ACT_GATHER_INFO |
2010-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0825.nasl - Type : ACT_GATHER_INFO |
2010-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libmysqlclient-devel-100930.nasl - Type : ACT_GATHER_INFO |
2010-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libmysqlclient-devel-101006.nasl - Type : ACT_GATHER_INFO |
2010-10-18 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-7172.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-6899.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15147.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15166.nasl - Type : ACT_GATHER_INFO |
2010-10-05 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_51.nasl - Type : ACT_GATHER_INFO |
2010-08-26 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_49.nasl - Type : ACT_GATHER_INFO |
2010-08-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-155.nasl - Type : ACT_GATHER_INFO |
2010-08-03 | Name : The remote Fedora host is missing a security update. File : fedora_2010-11126.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-012.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-044.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-093.nasl - Type : ACT_GATHER_INFO |
2010-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-11135.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1300.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1348.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-7350.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-7355.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-7414.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9016.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9053.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9061.nasl - Type : ACT_GATHER_INFO |
2010-06-29 | Name : The remote database server is affected by denial of service vulnerability. File : mysql_5_1_48.nasl - Type : ACT_GATHER_INFO |
2010-06-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-950-1.nasl - Type : ACT_GATHER_INFO |
2010-06-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2057.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0442.nasl - Type : ACT_GATHER_INFO |
2010-05-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0442.nasl - Type : ACT_GATHER_INFO |
2010-05-26 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-107.nasl - Type : ACT_GATHER_INFO |
2010-05-24 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_47.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-101.nasl - Type : ACT_GATHER_INFO |
2010-05-12 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_46.nasl - Type : ACT_GATHER_INFO |
2010-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libmysqlclient-devel-100504.nasl - Type : ACT_GATHER_INFO |
2010-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libmysqlclient-devel-100401.nasl - Type : ACT_GATHER_INFO |
2010-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libmysqlclient-devel-100401.nasl - Type : ACT_GATHER_INFO |
2010-05-04 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libmysqlclient-devel-091216.nasl - Type : ACT_GATHER_INFO |
2010-05-04 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libmysqlclient-devel-091216.nasl - Type : ACT_GATHER_INFO |
2010-05-04 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libmysqlclient-devel-091215.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-6897.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0109.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1877.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1997.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0110.nasl - Type : ACT_GATHER_INFO |
2010-02-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0109.nasl - Type : ACT_GATHER_INFO |
2010-02-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0110.nasl - Type : ACT_GATHER_INFO |
2010-02-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-897-1.nasl - Type : ACT_GATHER_INFO |
2010-01-18 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-011.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1289.nasl - Type : ACT_GATHER_INFO |
2009-12-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13466.nasl - Type : ACT_GATHER_INFO |
2009-12-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13504.nasl - Type : ACT_GATHER_INFO |
2009-12-14 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12180.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-326.nasl - Type : ACT_GATHER_INFO |
2009-11-25 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_0_88.nasl - Type : ACT_GATHER_INFO |
2009-11-25 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_1_41.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_libmysqlclient-devel-6360.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12044.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12256.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12456.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libmysqlclient-devel-090716.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-6446.nasl - Type : ACT_GATHER_INFO |
2009-08-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libmysqlclient-devel-090716.nasl - Type : ACT_GATHER_INFO |
2009-08-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libmysqlclient-devel-090716.nasl - Type : ACT_GATHER_INFO |
2009-07-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-159.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libmysqlclient-devel-080919.nasl - Type : ACT_GATHER_INFO |
2009-04-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1783.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-094.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-671-1.nasl - Type : ACT_GATHER_INFO |
2009-01-12 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_66a770b4e00811dda7650030843d3802.nasl - Type : ACT_GATHER_INFO |
2008-12-30 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_738f8f9ed66111dda7650030843d3802.nasl - Type : ACT_GATHER_INFO |
2008-12-21 | Name : The remote openSUSE host is missing a security update. File : suse_libmysqlclient-devel-5619.nasl - Type : ACT_GATHER_INFO |
2008-12-01 | Name : The remote openSUSE host is missing a security update. File : suse_mysql-5613.nasl - Type : ACT_GATHER_INFO |
2008-11-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-5618.nasl - Type : ACT_GATHER_INFO |
2008-11-09 | Name : The remote database server is susceptible to a privilege bypass attack. File : mysql_es_5_0_70.nasl - Type : ACT_GATHER_INFO |
2008-11-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1662.nasl - Type : ACT_GATHER_INFO |
2008-10-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4775c8078f3011dd821f001cc0377035.nasl - Type : ACT_GATHER_INFO |
2008-09-11 | Name : The remote database server is affected by several issues. File : mysql_5_0_67.nasl - Type : ACT_GATHER_INFO |
2008-09-11 | Name : The remote database server is susceptible to a denial of service attack. File : mysql_5_1_26.nasl - Type : ACT_GATHER_INFO |
2008-09-11 | Name : The remote database server is susceptible to a denial of service attack. File : mysql_6_0_6.nasl - Type : ACT_GATHER_INFO |
2008-09-11 | Name : The remote database server is susceptible to a denial of service attack. File : mysql_es_5_0_66.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote openSUSE host is missing a security update. File : suse_libmysqlclient-devel-4873.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-4879.nasl - Type : ACT_GATHER_INFO |
2007-12-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-559-1.nasl - Type : ACT_GATHER_INFO |
2007-12-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1155.nasl - Type : ACT_GATHER_INFO |
2007-12-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1155.nasl - Type : ACT_GATHER_INFO |
2007-12-17 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-348-01.nasl - Type : ACT_GATHER_INFO |
2007-12-17 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4465.nasl - Type : ACT_GATHER_INFO |
2007-12-17 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4471.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote database server is affected by several issues. File : mysql_5_1_23.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-243.nasl - Type : ACT_GATHER_INFO |
2007-11-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1413.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-25.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2018-01-05 09:26:27 |
|
2014-02-17 11:59:50 |
|