This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-25 07:15:41 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
fcb90eb0-2ace-11db-a6e2-000e0c2e438a | mysql -- format string vulnerability Jean-David Maillefer reports a Denial of Service vulnerability
within MySQL. The vulnerability is caused by improper checking
of the data_format routine, which cause the MySQL server to
crash. The crash is triggered by the following code: Discovery 2006-06-27 Entry 2006-08-13 mysql-server ge 5.1 lt 5.1.6 ge 5.0 lt 5.0.19 ge 4.1 lt 4.1.18 19032 CVE-2006-3469 http://bugs.mysql.com/bug.php?id=20729 |
738f8f9e-d661-11dd-a765-0030843d3802 | mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths MySQL Team reports:
Discovery 2008-07-03 Entry 2008-12-30 mysql-server ge 4.1 lt 4.1.25 ge 5.0 lt 5.0.75 ge 5.1 lt 5.1.28 ge 6.0 lt 6.0.6 CVE-2008-2079 CVE-2008-4097 CVE-2008-4098 http://bugs.mysql.com/bug.php?id=32167 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-75.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 |
7f8cecea-f199-11da-8422-00123ffe8333 | MySQL -- SQL-injection security vulnerability MySQL reports:
Discovery 2006-05-31 Entry 2006-06-01 mysql-server ge 5.1 le 5.1.9 ge 5.0 lt 5.0.22 ge 4.1 lt 4.1.20 http://lists.mysql.com/announce/364 http://lists.mysql.com/announce/365 |
06a6b2cf-484b-11d9-813c-00065be4b5b6 | mysql -- ALTER MERGE denial of service vulnerability Dean Ellis reported a denial of service vulnerability in the MySQL server:
Note that a script demonstrating the problem is included in the MySQL bug report. Attackers that have control of a MySQL account can easily use a modified version of that script during an attack. Discovery 2004-01-15 Entry 2004-12-16 Modified 2005-03-15 mysql-server le 3.23.58_3 ge 4.* lt 4.0.21 ge 4.1.* lt 4.1.1 CVE-2004-0837 11357 http://bugs.mysql.com/bug.php?id=2408 http://rhn.redhat.com/errata/RHSA-2004-611.html |
4913886c-e875-11da-b9f4-00123ffe8333 | MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities Secunia reports:
Discovery 2006-05-02 Entry 2006-06-01 mysql-server gt 4.0 lt 4.0.27 gt 4.1 lt 4.1.19 gt 5.1 le 5.1.9 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518 602457 http://www.wisec.it/vulns.php?page=7 http://www.wisec.it/vulns.php?page=8 http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html http://secunia.com/advisories/19929/ http://www.vuxml.org/freebsd/a8d8713e-dc83-11da-a22b-000c6ec775d9.html |
bb4e9a44-dff2-11dd-a765-0030843d3802 | mysql -- renaming of arbitrary tables by authenticated users MySQL reports:
Discovery 2007-05-14 Entry 2009-01-11 mysql-server ge 4.1 lt 4.1.23 ge 5.0 lt 5.0.42 ge 5.1 lt 5.1.18 CVE-2007-2691 24016 http://bugs.mysql.com/bug.php?id=27515 |
a0e92718-6603-11db-ab90-000e35fd8194 | mysql -- database "case-sensitive" privilege escalation Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. Discovery 2006-08-09 Entry 2006-10-29 mysql-server ge 5.1 lt 5.1.12 ge 5.0 lt 5.0.25 < 4.1.21 19559 CVE-2006-4226 http://bugs.mysql.com/bug.php?id=17647 |
240ac24c-dff3-11dd-a765-0030843d3802 | mysql -- remote dos via malformed password packet MySQL reports:
Discovery 2007-07-15 Entry 2009-01-11 mysql-server ge 4.1 lt 4.1.24 ge 5.0 lt 5.0.44 ge 5.1 lt 5.1.20 CVE-2007-3780 25017 http://bugs.mysql.com/bug.php?id=28984 |
e5e2883d-ceb9-11d8-8898-000d6111a684 | MySQL authentication bypass / buffer overflow By submitting a carefully crafted authentication packet, it is possible for an attacker to bypass password authentication in MySQL 4.1. Using a similar method, a stack buffer used in the authentication mechanism can be overflowed. Discovery 2004-07-01 Entry 2004-07-05 Modified 2004-08-28 mysql-server ge 4.1 lt 4.1.3 ge 5 le 5.0.0_2 CVE-2004-0627 CVE-2004-0628 184030 645326 http://www.nextgenss.com/advisories/mysql-authbypass.txt http://dev.mysql.com/doc/mysql/en/News-4.1.3.html http://secunia.com/advisories/12020 http://www.osvdb.org/7475 http://www.osvdb.org/7476 http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0003.html |
619ef337-949a-11d9-b813-00d05964249f | mysql-server -- multiple remote vulnerabilities SecurityFocus reports:
Discovery 2005-03-11 Entry 2005-03-14 mysql-server ge 4.0.0 lt 4.0.24 ge 4.1.0 lt 4.1.10a 12781 CVE-2005-0709 CVE-2005-0710 CVE-2005-0711 |
8c451386-dff3-11dd-a765-0030843d3802 | mysql -- privilege escalation and overwrite of the system table information MySQL reports:
Discovery 2007-11-14 Entry 2009-01-11 mysql-server ge 4.1 lt 4.1.24 ge 5.0 lt 5.0.51 ge 5.1 lt 5.1.23 ge 6.0 lt 6.0.4 CVE-2007-5969 26765 http://bugs.mysql.com/bug.php?id=32111 |
388d9ee4-7f22-11dd-a66a-0019666436c2 | mysql -- MyISAM table privileges security bypass vulnerability SecurityFocus reports:
Discovery 2008-05-05 Entry 2008-09-10 Modified 2008-10-10 mysql-server ge 6.0 lt 6.0.5 ge 5.1 lt 5.1.24 ge 5.0 lt 5.0.67 ge 4.1 lt 4.1.22_1 29106 CVE-2008-2079 |
eeae6cce-d05c-11d9-9aed-000e0c2e438a | mysql-server -- insecure temporary file creation A Zataz advisory reports that MySQL contains a security flaw which could allow a malicious local user to inject arbitrary SQL commands during the initial database creation process. The problem lies in the mysql_install_db script which creates temporary files based on the PID used by the script. Discovery 2005-05-07 Entry 2005-07-09 mysql-server gt 4.1 lt 4.1.12 gt 5.0 lt 5.0.6 13660 CVE-2005-1636 http://www.zataz.net/adviso/mysql-05172005.txt |
77420ebb-0cf4-11d9-8a8a-000c41e2cdad | mysql -- heap buffer overflow with prepared statements There is a buffer overflow in the prepared statements API (libmysqlclient) when a statement containing thousands of placeholders is executed. Discovery 2004-09-08 Entry 2004-09-23 mysql-server mysql-client ge 4.1.0 le 4.1.4 http://bugs.mysql.com/bug.php?id=5194 http://dev.mysql.com/doc/mysql/en/News-4.1.5.html http://mysql.bkbits.net:8080/mysql-4.1/cset@1.1932.152.4 |