Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:23821
HistoryApr 10, 2020 - 12:37 a.m.

Authorization Bypass

2020-04-1000:37:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

JSON

mysql is vulnerable to authorization bypass. The vulnerability exists through multiple format string flaws were found in the way the MySQL server logs user commands when creating and deleting databases. A remote, authenticated attacker with permissions to CREATE and DROP databases could use these flaws to formulate a specifically-crafted SQL command that would cause a temporary denial of service (open connections to mysqld are terminated).

References

Related

altlinux 1
nessus 22
prion 1
openvas 40
ubuntucve 1
checkpoint_advisories 1
cve 1
securityvulns 1
debian 1
fedora 1
oraclelinux 2
centos 2
redhat 3
seebug 1
ubuntu 2
gentoo 1
threatpost 1
altlinux
altlinux
Security fix for the ALT Linux 5 package MySQL version 5.0.89-alt1
2010-01-25 00:00:00
nessus
nessus
MySQL < 5.0.83 Denial of Service
2012-01-16 00:00:00
Debian DSA-1877-1 : mysql-dfsg-5.0 - denial of service/execution of arbitrary code
2010-02-24 00:00:00
Mandriva Linux Security Advisory : mysql (MDVSA-2009:159)
2009-07-28 00:00:00
prion
prion
Format string
2009-07-13 17:30:00
openvas
openvas
Mandrake Security Advisory MDVSA-2009:159 (mysql)
2009-07-29 00:00:00
Mandrake Security Advisory MDVSA-2009:179 (mysql)
2009-08-17 00:00:00
MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities
2009-07-17 00:00:00
ubuntucve
ubuntucve
CVE-2009-2446
2009-07-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Sun MySQL mysql_log Format String (CVE-2009-2446)
2010-02-03 00:00:00
cve
cve
CVE-2009-2446
2009-07-13 17:30:00
securityvulns
securityvulns
MySQL format string vulnerabilities
2009-07-27 00:00:00
debian
debian
[SECURITY] [DSA 1877-1] New mysql-dfsg-5.0 packages fix arbitrary code execution
2009-09-02 18:20:43
fedora
fedora
[SECURITY] Fedora 10 Update: mysql-5.0.88-1.fc10
2009-12-11 18:23:58
oraclelinux
oraclelinux
mysql security update
2010-02-16 00:00:00
mysql security and bug fix update
2009-09-08 00:00:00
centos
centos
mysql security update
2010-02-17 16:42:25
mysql security update
2009-09-15 18:28:45
redhat
redhat
(RHSA-2010:0110) Moderate: mysql security update
2010-02-16 00:00:00
(RHSA-2009:1289) Moderate: mysql security and bug fix update
2009-09-02 09:47:12
(RHSA-2009:1461) Important: Red Hat Application Stack v2.4 security and enhancement update
2009-09-23 00:00:00
seebug
seebug
MySQL vulnerabilities
2010-02-13 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2010-02-10 00:00:00
MySQL vulnerabilities
2012-03-12 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2012-01-05 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

JSON
Related for VERACODE:23821
altlinux1nessus22prion1openvas40ubuntucve1checkpoint_advisories1cve1securityvulns1debian1fedora1oraclelinux2centos2redhat3seebug1ubuntu2gentoo1threatpost1