This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-23 14:57:51 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
01c231cd-4393-11d9-8bb9-00065be4b5b6 | mysql -- GRANT access restriction problem When a user is granted access to a database with a name containing an underscore and the underscore is not escaped, then that user might also be able to access other, similarly named, databases on the affected system. The problem is that the underscore is seen as a wildcard by MySQL and therefore it is possible that an admin might accidentally GRANT a user access to multiple databases. Discovery 2004-03-29 Entry 2004-12-16 Modified 2005-03-15 mysql-server le 3.23.58_3 ge 4.* lt 4.0.21 CVE-2004-0957 11435 http://bugs.mysql.com/bug.php?id=3933 http://rhn.redhat.com/errata/RHSA-2004-611.html http://www.openpkg.org/security/OpenPKG-SA-2004.045-mysql.html |
035d17b2-484a-11d9-813c-00065be4b5b6 | mysql -- erroneous access restrictions applied to table renames A Red Hat advisory reports:
Table access restrictions, on the affected MySQL servers, may accidentally or intentionally be bypassed due to this bug. Discovery 2004-03-23 Entry 2004-12-16 Modified 2005-03-15 mysql-server le 3.23.58_3 ge 4.* lt 4.0.21 CVE-2004-0835 11357 http://bugs.mysql.com/bug.php?id=3270 http://rhn.redhat.com/errata/RHSA-2004-611.html http://xforce.iss.net/xforce/xfdb/17666 |
06a6b2cf-484b-11d9-813c-00065be4b5b6 | mysql -- ALTER MERGE denial of service vulnerability Dean Ellis reported a denial of service vulnerability in the MySQL server:
Note that a script demonstrating the problem is included in the MySQL bug report. Attackers that have control of a MySQL account can easily use a modified version of that script during an attack. Discovery 2004-01-15 Entry 2004-12-16 Modified 2005-03-15 mysql-server le 3.23.58_3 ge 4.* lt 4.0.21 ge 4.1.* lt 4.1.1 CVE-2004-0837 11357 http://bugs.mysql.com/bug.php?id=2408 http://rhn.redhat.com/errata/RHSA-2004-611.html |
240ac24c-dff3-11dd-a765-0030843d3802 | mysql -- remote dos via malformed password packet MySQL reports:
Discovery 2007-07-15 Entry 2009-01-11 mysql-server ge 4.1 lt 4.1.24 ge 5.0 lt 5.0.44 ge 5.1 lt 5.1.20 CVE-2007-3780 25017 http://bugs.mysql.com/bug.php?id=28984 |
29edd807-438d-11d9-8bb9-00065be4b5b6 | mysql -- FTS request denial of service vulnerability A specially crafted MySQL FTS request can cause the server to crash. Malicious MySQL users can abuse this bug in a denial of service attack against systems running an affected MySQL daemon. Note that because this bug is related to the parsing of requests, it may happen that this bug is triggered accidentally by a user when he or she makes a typo. Discovery 2004-03-23 Entry 2004-12-16 mysql-server ge 4.* lt 4.0.21 http://bugs.mysql.com/bug.php?id=3870 CVE-2004-0956 11432 |
388d9ee4-7f22-11dd-a66a-0019666436c2 | mysql -- MyISAM table privileges security bypass vulnerability SecurityFocus reports:
Discovery 2008-05-05 Entry 2008-09-10 Modified 2008-10-10 mysql-server ge 6.0 lt 6.0.5 ge 5.1 lt 5.1.24 ge 5.0 lt 5.0.67 ge 4.1 lt 4.1.22_1 29106 CVE-2008-2079 |
4913886c-e875-11da-b9f4-00123ffe8333 | MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities Secunia reports:
Discovery 2006-05-02 Entry 2006-06-01 mysql-server gt 4.0 lt 4.0.27 gt 4.1 lt 4.1.19 gt 5.1 le 5.1.9 CVE-2006-1516 CVE-2006-1517 CVE-2006-1518 602457 http://www.wisec.it/vulns.php?page=7 http://www.wisec.it/vulns.php?page=8 http://dev.mysql.com/doc/refman/4.1/en/news-4-0-27.html http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html http://secunia.com/advisories/19929/ http://www.vuxml.org/freebsd/a8d8713e-dc83-11da-a22b-000c6ec775d9.html |
619ef337-949a-11d9-b813-00d05964249f | mysql-server -- multiple remote vulnerabilities SecurityFocus reports:
Discovery 2005-03-11 Entry 2005-03-14 mysql-server ge 4.0.0 lt 4.0.24 ge 4.1.0 lt 4.1.10a 12781 CVE-2005-0709 CVE-2005-0710 CVE-2005-0711 |
66a770b4-e008-11dd-a765-0030843d3802 | mysql -- empty bit-string literal denial of service MySQL reports:
Discovery 2008-09-11 Entry 2009-01-11 mysql-server ge 5.0 lt 5.0.66 ge 5.1 lt 5.1.26 ge 6.0 lt 6.0.6 CVE-2008-3963 http://bugs.mysql.com/bug.php?id=35658 http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html http://secunia.com/advisories/31769 |
738f8f9e-d661-11dd-a765-0030843d3802 | mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths MySQL Team reports:
Discovery 2008-07-03 Entry 2008-12-30 mysql-server ge 4.1 lt 4.1.25 ge 5.0 lt 5.0.75 ge 5.1 lt 5.1.28 ge 6.0 lt 6.0.6 CVE-2008-2079 CVE-2008-4097 CVE-2008-4098 http://bugs.mysql.com/bug.php?id=32167 http://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-75.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25 |
77420ebb-0cf4-11d9-8a8a-000c41e2cdad | mysql -- heap buffer overflow with prepared statements There is a buffer overflow in the prepared statements API (libmysqlclient) when a statement containing thousands of placeholders is executed. Discovery 2004-09-08 Entry 2004-09-23 mysql-server mysql-client ge 4.1.0 le 4.1.4 http://bugs.mysql.com/bug.php?id=5194 http://dev.mysql.com/doc/mysql/en/News-4.1.5.html http://mysql.bkbits.net:8080/mysql-4.1/cset@1.1932.152.4 |
7f8cecea-f199-11da-8422-00123ffe8333 | MySQL -- SQL-injection security vulnerability MySQL reports:
Discovery 2006-05-31 Entry 2006-06-01 mysql-server ge 5.1 le 5.1.9 ge 5.0 lt 5.0.22 ge 4.1 lt 4.1.20 http://lists.mysql.com/announce/364 http://lists.mysql.com/announce/365 |
835256b8-46ed-11d9-8ce0-00065be4b5b6 | mysql -- mysql_real_connect buffer overflow vulnerability The mysql_real_connect function doesn't properly handle DNS replies by copying the IP address into a buffer without any length checking. A specially crafted DNS reply may therefore be used to cause a buffer overflow on affected systems. Note that whether this issue is exploitable depends on the system library responsible for the gethostbyname function. The bug finder, Lukasz Wojtow, explains this with the following words:
Discovery 2004-06-04 Entry 2004-12-16 Modified 2005-03-15 mysql-server le 3.23.58_3 ge 4.* lt 4.0.21 mysql-client le 3.23.58_3 ge 4.* lt 4.0.21 CVE-2004-0836 10981 http://bugs.mysql.com/bug.php?id=4017 http://lists.mysql.com/internals/14726 http://rhn.redhat.com/errata/RHSA-2004-611.html http://www.osvdb.org/displayvuln.php?osvdb_id=10658 |
8c451386-dff3-11dd-a765-0030843d3802 | mysql -- privilege escalation and overwrite of the system table information MySQL reports:
Discovery 2007-11-14 Entry 2009-01-11 mysql-server ge 4.1 lt 4.1.24 ge 5.0 lt 5.0.51 ge 5.1 lt 5.1.23 ge 6.0 lt 6.0.4 CVE-2007-5969 26765 http://bugs.mysql.com/bug.php?id=32111 |
8c773d7f-6cbb-11e2-b242-c8600054b392 | mysql/mariadb/percona server -- multiple vulnerabilities ORACLE reports:
Discovery 2012-12-01 Entry 2013-02-01 mysql-server ge 5.1 lt 5.1.67 ge 5.5 lt 5.5.29 mariadb-server ge 5.3 lt 5.3.12 ge 5.5 lt 5.5.29 percona-server ge 5.5 lt 5.5.29.29.4 CVE-2012-4414 CVE-2012-5611 CVE-2012-5612 CVE-2012-5615 CVE-2012-5627 https://mariadb.atlassian.net/browse/MDEV-4029 https://mariadb.atlassian.net/browse/MDEV-MDEV-729 http://www.mysqlperformanceblog.com/2013/01/23/announcing-percona-server-5-5-29-29-4/ |
a0e92718-6603-11db-ab90-000e35fd8194 | mysql -- database "case-sensitive" privilege escalation Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. Discovery 2006-08-09 Entry 2006-10-29 mysql-server ge 5.1 lt 5.1.12 ge 5.0 lt 5.0.25 < 4.1.21 19559 CVE-2006-4226 http://bugs.mysql.com/bug.php?id=17647 |
a8d8713e-dc83-11da-a22b-000c6ec775d9 | mysql50-server -- COM_TABLE_DUMP arbitrary code execution Stefano Di Paola reports:
Discovery 2006-05-02 Entry 2006-05-06 mysql-server gt 5.0 lt 5.0.21 CVE-2006-1518 http://www.wisec.it/vulns.php?page=8 http://marc.theaimsgroup.com/?l=bugtraq&m=114659633220473 http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html |
a9c51caf-6603-11db-ab90-000e35fd8194 | mysql -- database suid privilege escalation Dmitri Lenev reports a privilege escalation in MySQL. MySQL evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote and local authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE. Discovery 2006-03-29 Entry 2006-10-29 Modified 2006-10-30 mysql-server ge 5.1 lt 5.1.12 ge 5.0 lt 5.0.25 CVE-2006-4227 http://bugs.mysql.com/bug.php?id=18630 |
bb4e9a44-dff2-11dd-a765-0030843d3802 | mysql -- renaming of arbitrary tables by authenticated users MySQL reports:
Discovery 2007-05-14 Entry 2009-01-11 mysql-server ge 4.1 lt 4.1.23 ge 5.0 lt 5.0.42 ge 5.1 lt 5.1.18 CVE-2007-2691 24016 http://bugs.mysql.com/bug.php?id=27515 |
e5e2883d-ceb9-11d8-8898-000d6111a684 | MySQL authentication bypass / buffer overflow By submitting a carefully crafted authentication packet, it is possible for an attacker to bypass password authentication in MySQL 4.1. Using a similar method, a stack buffer used in the authentication mechanism can be overflowed. Discovery 2004-07-01 Entry 2004-07-05 Modified 2004-08-28 mysql-server ge 4.1 lt 4.1.3 ge 5 le 5.0.0_2 CVE-2004-0627 CVE-2004-0628 184030 645326 http://www.nextgenss.com/advisories/mysql-authbypass.txt http://dev.mysql.com/doc/mysql/en/News-4.1.3.html http://secunia.com/advisories/12020 http://www.osvdb.org/7475 http://www.osvdb.org/7476 http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0003.html |
eeae6cce-d05c-11d9-9aed-000e0c2e438a | mysql-server -- insecure temporary file creation A Zataz advisory reports that MySQL contains a security flaw which could allow a malicious local user to inject arbitrary SQL commands during the initial database creation process. The problem lies in the mysql_install_db script which creates temporary files based on the PID used by the script. Discovery 2005-05-07 Entry 2005-07-09 mysql-server gt 4.1 lt 4.1.12 gt 5.0 lt 5.0.6 13660 CVE-2005-1636 http://www.zataz.net/adviso/mysql-05172005.txt |
fcb90eb0-2ace-11db-a6e2-000e0c2e438a | mysql -- format string vulnerability Jean-David Maillefer reports a Denial of Service vulnerability within MySQL. The vulnerability is caused by improper checking of the data_format routine, which causes the MySQL server to crash. The crash is triggered by the following code: Discovery 2006-06-27 Entry 2006-08-13 mysql-server ge 5.1 lt 5.1.6 ge 5.0 lt 5.0.19 ge 4.1 lt 4.1.18 19032 CVE-2006-3469 http://bugs.mysql.com/bug.php?id=20729 |