249 matches found
RHSA-2014:0537 Red Hat Security Advisory: mysql55-mysql security update
Bulletin has no description...
CVE-2024-41109 Pimcore vulnerable to disclosure of system and database information behind /admin firewall
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to /admin/index/statistics with a logged-in Pimcore user exposes information about the Pimcore installation, PHP version, MySQL version, installed bundles and all database tables and their row count in the...
CVE-2024-20967 affecting package mysql for versions less than 8.0.36-1
CVE-2024-20967 affecting package mysql for versions less than 8.0.36-1. An upgraded version of the package is available that resolves this issue...
mysql: Client programs unspecified vulnerability (CPU Jul 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: Client programs. Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...
mysql: InnoDB unspecified vulnerability (CPU Apr 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...
PT-2023-9675 · Oracle +2 · Mysql Server +1
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.38 and prior; MySQL Server versions 8.4.1 and prior; MySQL Server versions 9.0.1 and prior. Description: The issue is related to insufficient input validation in the InnoDB component of the MySQL Server. Exploitation of...
Oracle MySQL Security Vulnerabilities
Oracle MySQL is an open source relational database management system from Oracle Corporation. A security vulnerability previously existed in Oracle MySQL Server version 8.0.34, which originated from a vulnerability that allowed an attacker with elevated privileges to compromise the MySQL server v...
CVE-2023-39543
Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product...
Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit
Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit | Author: Thurein Soe | CVE: CVE-2022-28171 | Vendor Homepage: https://www.hikvision.com | Software Link: N/A | Reference Link: https://cve.report/CVE-2022-28171 | Version: Filmora 12: Ds-a71024 Firmware, Ds-a71024...
AZL-26176 CVE-2023-21972 affecting package mysql for versions less than 8.0.33-1
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...
UBUNTU-CVE-2023-21977
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
AZL-25802 CVE-2023-27536 affecting package mysql for versions less than 8.0.34-1
An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature, which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects...
SQL Injection in 'core/ajax/ajax_data.php'
Description: There exists an SQL injection affecting the edition parameter located in the file core/ajax/ajax_data.php: $productEditionFilter = isset($_GET["edition"]) and !empty($_GET["edition"]) ? " productedition = '{$_GET["edition"]}' " : " producttype != 'Child' "; We see that $_GET["edition"] is appended...
SUSE CVE-2010-2008
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTOR...
SUSE CVE-2012-0112
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492...
SUSE CVE-2012-3149
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client...
SUSE CVE-2014-0401
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors...
SUSE CVE-2014-6495
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL...
SUSE CVE-2015-4910
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached...
SUSE CVE-2016-0652
Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML...