U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:mariadb:mariadb:5.2.4:*:*:*:*:*:*:*
There are 33 matching records.
Displaying matches 21 through 33.
Vuln ID Summary CVSS Severity
CVE-2012-4414

Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.

Published: January 22, 2013; 6:55:02 PM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2013-0389

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Published: January 16, 2013; 8:55:05 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0385

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.

Published: January 16, 2013; 8:55:05 PM -0500
V3.x:(not available)
V2.0: 6.6 MEDIUM
CVE-2013-0384

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

Published: January 16, 2013; 8:55:05 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0383

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.

Published: January 16, 2013; 8:55:05 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-0375

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

Published: January 16, 2013; 8:55:04 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2012-1705

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Published: January 16, 2013; 8:55:02 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2012-1702

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

Published: January 16, 2013; 8:55:02 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-0574

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.

Published: January 16, 2013; 8:55:02 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2012-0572

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Published: January 16, 2013; 8:55:01 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2012-5612

Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.

Published: December 03, 2012; 7:49:43 AM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2012-5611

Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.

Published: December 03, 2012; 7:49:43 AM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2012-2122

sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.

Published: June 26, 2012; 2:55:05 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM