oval:org.secpod.oval:def:201971
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. MySQL did not correctly check directories used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated attacker cou ...

oval:org.secpod.oval:def:5565
The host is installed with 5.5.19 or earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Server Optimizer. Successful exploitation could allow remote authenticated users to affect availability.

oval:org.secpod.oval:def:201740
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was found that the MySQL PolyFromWKB function did not sanity check Well-Known Binary data. A remote, authenticated attacker could use specially-crafted WKB d ...

oval:org.secpod.oval:def:201737
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was found that the MySQL PolyFromWKB function did not sanity check Well-Known Binary data. A remote, authenticated attacker could use specially-crafted WKB d ...

oval:org.secpod.oval:def:5564
The host is installed with 5.5.21 or earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Partition. Successful exploitation could allow remote authenticated users to affect availability.

oval:org.secpod.oval:def:7476
The host is installed with MySQL 5.1.0 through 5.1.65 or 5.5.0 through 5.5.27 and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server Installation. Successful exploitation allows local users to affect confidentiality.

oval:org.secpod.oval:def:202151
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. MySQL did not correctly check directories used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated attacker cou ...

oval:org.secpod.oval:def:7471
The host is installed with MySQL 5.1.0 through 5.1.65 or 5.5.0 through 5.5.27 and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:7474
The host is installed with MySQL 5.1.0 through 5.1.63 or 5.5.0 through 5.5.25 and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to InnoDB. Successful exploitation allows remote authenticated users to affect availability.

oval:org.secpod.oval:def:7486
The host is installed with Oracle MySQL 5.0.x before 5.0.93 or 5.1.x before 5.1.50 and is prone to SQL injection vulnerability. A flaw is present in the application, which fails to handle the slave configurations in which the slave is running a newer version than the master. Successful exploitation ...

oval:org.secpod.oval:def:202250
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:4001
The host is installed with Oracle MySQL 5.1.x before 5.1.61 or 5.5.x before 5.5.20 and is prone to an unspecified vulnerability. A flaw is present in the application, which results in a partial availability impact. Successful exploitation allows remote attackers to cause a denial of service.

oval:org.secpod.oval:def:3991
The host is installed with Oracle MySQL 5.0.x before 5.0.95 or 5.1.x before 5.1.61 or 5.5.x before 5.5.20 and is prone to an unspecified vulnerability. A flaw is present in the application, which results in a partial confidentiality impact. Successful exploitation allows remote attackers to cause a ...

oval:org.secpod.oval:def:4002
The host is installed with Oracle MySQL 5.1.x before 5.1.61 or 5.5.x before 5.5.20 and is prone to an unspecified vulnerability. A flaw is present in the application, which results in a partial availability impact. Successful exploitation allows remote attackers to cause a denial of service.

oval:org.secpod.oval:def:20676
The host is installed with Oracle MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24 or 6.0.x before 6.0.5 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors. Successful exploitation allows local users ...

oval:org.secpod.oval:def:4005
The host is installed with Oracle MySQL 5.0.x before 5.0.95 or 5.1.x before 5.1.61 or 5.5.x before 5.5.20 and is prone to an unspecified vulnerability. A flaw is present in the application, which results in a partial integrity impact. Successful exploitation allows remote attackers to cause a denial ...

oval:org.secpod.oval:def:20677
The host is installed with Oracle MySQL 5.0 before 5.0.66, 5.1 before 5.1.26 or 6.0 before 6.0.6 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle a b'' (b single-quote single-quote) token. Successful exploitation allows remo ...

oval:org.secpod.oval:def:4003
The host is installed with Oracle MySQL 5.1.x before 5.1.61 or 5.5.x before 5.5.20 and is prone to an unspecified vulnerability. A flaw is present in the application, which results in a partial availability impact. Successful exploitation allows remote attackers to cause a denial of service.

oval:org.secpod.oval:def:3998
The host is installed with Oracle MySQL 5.0.x before 5.0.95 or 5.1.x before 5.1.61 or 5.5.x before 5.5.20 and is prone to an unspecified vulnerability. A flaw is present in the application, which results in a partial confidentiality and integrity impact. Successful exploitation allows remote attacke ...

oval:org.mitre.oval:def:8500
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote auth ...

oval:org.secpod.oval:def:201942
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was discovered that the MySQL client ignored certain SSL certificate verification errors when connecting to servers. A man-in-the-middle attacker could use th ...

oval:org.secpod.oval:def:500482
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was discovered that the MySQL client ignored certain SSL certificate verification errors when connecting to servers. A man-in-the-middle attacker could use th ...

oval:org.secpod.oval:def:201852
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was discovered that the MySQL client ignored certain SSL certificate verification errors when connecting to servers. A man-in-the-middle attacker could use th ...

oval:org.secpod.oval:def:500925
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:202491
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:500334
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was found that the MySQL PolyFromWKB function did not sanity check Well-Known Binary data. A remote, authenticated attacker could use specially-crafted WKB d ...

oval:org.secpod.oval:def:20689
The host is installed with Oracle MySQL 5.0 before 5.0.92, 5.1 before 5.1.51 or 5.5 before 5.5.6 and is prone to unspecified vulnerability. A flaw is present in the application, which does not properly handle vectors related to "materializing a derived table that required a temporary table for group ...

oval:org.secpod.oval:def:20688
The host is installed with Oracle MySQL 5.0 before 5.0.92, 5.1 before 5.1.51 or 5.5 before 5.5.6 and is prone to denial of service vulnerability. A flaw is present in the application, which does not properly propagate type errors. Successful exploitation allows remote authenticated users to cause a ...

oval:org.secpod.oval:def:3985
The host is installed with Oracle MySQL 5.0.x before 5.0.95 or 5.1.x before 5.1.61 or 5.5.x before 5.5.20 and is prone to an unspecified vulnerability. A flaw is present in the application, which results in a partial availability impact. Successful exploitation allows remote attackers to cause a den ...

oval:org.mitre.oval:def:8510
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate ...

oval:org.secpod.oval:def:500146
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. The MySQL PolyFromWKB function did not sanity check Well-Known Binary data, which could allow a remote, authenticated attacker to crash mysqld. A flaw in the w ...

oval:org.secpod.oval:def:500664
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. MySQL did not correctly check directories used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated attacker cou ...

oval:org.secpod.oval:def:500741
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:20692
The host is installed with Oracle MySQL 5.0 before 5.0.92, 5.1 before 5.1.51 or 5.5 before 5.5.6 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors related to a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modi ...

oval:org.secpod.oval:def:20693
The host is installed with Oracle MySQL 5.0 before 5.0.92, 5.1 before 5.1.51 or 5.5 before 5.5.6 and is prone to denial of service vulnerability. A flaw is present in the application, which is not properly handled when the function's result is "processed using an intermediate temporary table.". Succ ...

oval:org.secpod.oval:def:20691
The host is installed with Oracle MySQL 5.0 before 5.0.92, 5.1 before 5.1.51 or 5.5 before 5.5.6 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimi ...

oval:org.secpod.oval:def:202236
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.mitre.oval:def:7210
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot) in a table name.

oval:org.secpod.oval:def:201861
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A buffer overflow flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command. An authenticated database user co ...

oval:org.secpod.oval:def:201694
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A buffer overflow flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command. An authenticated database user co ...

oval:org.mitre.oval:def:7328
The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.

oval:org.secpod.oval:def:500299
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A buffer overflow flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command. An authenticated database user co ...

oval:org.secpod.oval:def:500739
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.mitre.oval:def:6693
Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.