- CVEs with nessus.description==Multiple vulnerabilities has been found and corrected in mysql :

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does
not properly handle a b'' (b single-quote single-quote) token, aka an
empty bit-string literal, which allows remote attackers to cause a
denial of service (daemon crash) by using this token in a SQL
statement (CVE-2008-3963).

MySQL 5.0.51a allows local users to bypass certain privilege checks by
calling CREATE TABLE on a MyISAM table with modified (1) DATA
DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with
symlinks within pathnames for subdirectories of the MySQL home data
directory, which are followed when tables are created in the future.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2008-2079 (CVE-2008-4097).

MySQL before 5.0.67 allows local users to bypass certain privilege
checks by calling CREATE TABLE on a MyISAM table with modified (1)
DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally
associated with pathnames without symlinks, and that can point to
tables created at a future time at which a pathname is modified to
contain a symlink to a subdirectory of the MySQL home data directory.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2008-4097 (CVE-2008-4098).

Cross-site scripting (XSS) vulnerability in the command-line client in
MySQL 5.0.26 through 5.0.45, when the --html option is enabled, allows
attackers to inject arbitrary web script or HTML by placing it in a
database cell, which might be accessed by this client when composing
an HTML document (CVE-2008-4456).

bugs in the Mandriva Linux 2008.1 packages that has been fixed :

o upstream fix for mysql bug35754 (#38398, #44691)
o fix #46116 (initialization file mysqld-max don't show correct application status)
o fix upstream bug 42366

bugs in the Mandriva Linux 2009.0 packages that has been fixed :

o upgraded 5.0.67 to 5.0.77 (fixes CVE-2008-3963, CVE-2008-4097, CVE-2008-4098)
o no need to workaround #38398, #44691 anymore (since 5.0.75)
o fix upstream bug 42366
o fix #46116 (initialization file mysqld-max don't show correct application status)
o sphinx-0.9.8.1

bugs in the Mandriva Linux Corporate Server 4 packages that has been fixed:

o fix upstream bug 42366
o fix #46116 (initialization file mysqld-max don't show correct application status)

The updated packages have been patched to correct these issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |