This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
a0e92718-6603-11db-ab90-000e35fd8194 | mysql -- database "case-sensitive" privilege escalation Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. Discovery 2006-08-09 Entry 2006-10-29 mysql-server ge 5.1 lt 5.1.12 ge 5.0 lt 5.0.25 < 4.1.21 19559 CVE-2006-4226 http://bugs.mysql.com/bug.php?id=17647 |
66a770b4-e008-11dd-a765-0030843d3802 | mysql -- empty bit-string literal denial of service MySQL reports:
Discovery 2008-09-11 Entry 2009-01-11 mysql-server ge 5.0 lt 5.0.66 ge 5.1 lt 5.1.26 ge 6.0 lt 6.0.6 CVE-2008-3963 http://bugs.mysql.com/bug.php?id=35658 http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html http://secunia.com/advisories/31769 |
8c451386-dff3-11dd-a765-0030843d3802 | mysql -- privilege escalation and overwrite of the system table information MySQL reports:
Discovery 2007-11-14 Entry 2009-01-11 mysql-server ge 4.1 lt 4.1.24 ge 5.0 lt 5.0.51 ge 5.1 lt 5.1.23 ge 6.0 lt 6.0.4 CVE-2007-5969 26765 http://bugs.mysql.com/bug.php?id=32111 |
e5e2883d-ceb9-11d8-8898-000d6111a684 | MySQL authentication bypass / buffer overflow By submitting a carefully crafted authentication packet, it is possible for an attacker to bypass password authentication in MySQL 4.1. Using a similar method, a stack buffer used in the authentication mechanism can be overflowed. Discovery 2004-07-01 Entry 2004-07-05 Modified 2004-08-28 mysql-server ge 4.1 lt 4.1.3 ge 5 le 5.0.0_2 CVE-2004-0627 CVE-2004-0628 184030 645326 http://www.nextgenss.com/advisories/mysql-authbypass.txt http://dev.mysql.com/doc/mysql/en/News-4.1.3.html http://secunia.com/advisories/12020 http://www.osvdb.org/7475 http://www.osvdb.org/7476 http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0003.html |
bb4e9a44-dff2-11dd-a765-0030843d3802 | mysql -- renaming of arbitrary tables by authenticated users MySQL reports:
Discovery 2007-05-14 Entry 2009-01-11 mysql-server ge 4.1 lt 4.1.23 ge 5.0 lt 5.0.42 ge 5.1 lt 5.1.18 CVE-2007-2691 24016 http://bugs.mysql.com/bug.php?id=27515 |
a8d8713e-dc83-11da-a22b-000c6ec775d9 | mysql50-server -- COM_TABLE_DUMP arbitrary code execution Stefano Di Paola reports:
Discovery 2006-05-02 Entry 2006-05-06 mysql-server gt 5.0 lt 5.0.21 CVE-2006-1518 http://www.wisec.it/vulns.php?page=8 http://marc.theaimsgroup.com/?l=bugtraq&m=114659633220473 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html |
240ac24c-dff3-11dd-a765-0030843d3802 | mysql -- remote dos via malformed password packet MySQL reports:
Discovery 2007-07-15 Entry 2009-01-11 mysql-server ge 4.1 lt 4.1.24 ge 5.0 lt 5.0.44 ge 5.1 lt 5.1.20 CVE-2007-3780 25017 http://bugs.mysql.com/bug.php?id=28984 |
eeae6cce-d05c-11d9-9aed-000e0c2e438a | mysql-server -- insecure temporary file creation A Zataz advisory reports that MySQL contains a security flaw which could allow a malicious local user to inject arbitrary SQL commands during the initial database creation process. The problem lies in the mysql_install_db script which creates temporary files based on the PID used by the script. Discovery 2005-05-07 Entry 2005-07-09 mysql-server gt 4.1 lt 4.1.12 gt 5.0 lt 5.0.6 13660 CVE-2005-1636 http://www.zataz.net/adviso/mysql-05172005.txt |
fcb90eb0-2ace-11db-a6e2-000e0c2e438a | mysql -- format string vulnerability Jean-David Maillefer reports a Denial of Service vulnerability
within MySQL. The vulnerability is caused by improper checking
of the data_format routine, which cause the MySQL server to
crash. The crash is triggered by the following code: Discovery 2006-06-27 Entry 2006-08-13 mysql-server ge 5.1 lt 5.1.6 ge 5.0 lt 5.0.19 ge 4.1 lt 4.1.18 19032 CVE-2006-3469 http://bugs.mysql.com/bug.php?id=20729 |
7f8cecea-f199-11da-8422-00123ffe8333 | MySQL -- SQL-injection security vulnerability MySQL reports:
Discovery 2006-05-31 Entry 2006-06-01 mysql-server ge 5.1 le 5.1.9 ge 5.0 lt 5.0.22 ge 4.1 lt 4.1.20 http://lists.mysql.com/announce/364 http://lists.mysql.com/announce/365 |
a9c51caf-6603-11db-ab90-000e35fd8194 | mysql -- database suid privilege escalation Dmitri Lenev reports a privilege escalation in MySQL. MySQL evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote and local authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE. Discovery 2006-03-29 Entry 2006-10-29 Modified 2006-10-30 mysql-server ge 5.1 lt 5.1.12 ge 5.0 lt 5.0.25 CVE-2006-4227 http://bugs.mysql.com/bug.php?id=18630 |
388d9ee4-7f22-11dd-a66a-0019666436c2 | mysql -- MyISAM table privileges security bypass vulnerability SecurityFocus reports:
Discovery 2008-05-05 Entry 2008-09-10 Modified 2008-10-10 mysql-server ge 6.0 lt 6.0.5 ge 5.1 lt 5.1.24 ge 5.0 lt 5.0.67 ge 4.1 lt 4.1.22_1 29106 CVE-2008-2079 |
738f8f9e-d661-11dd-a765-0030843d3802 | mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths MySQL Team reports:
Discovery 2008-07-03 Entry 2008-12-30 mysql-server ge 4.1 lt 4.1.25 ge 5.0 lt 5.0.75 ge 5.1 lt 5.1.28 ge 6.0 lt 6.0.6 CVE-2008-2079 CVE-2008-4097 CVE-2008-4098 http://bugs.mysql.com/bug.php?id=32167 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-75.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 |