CVE-2014-2444 — Path Traversal in Oracle Mysql

CWE-22 — Path Traversal CWE-59 — Link Following7 documents6 sources

Severity

6.5MEDIUMNVD

GHSA8.1

EPSS

0.3%

top 47.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Mysql

Timeline

PublishedApr 16

Latest updateMay 24

Description

Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDoracle/mysql5.6.15+15

🔴Vulnerability Details

GHSA

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins↗2022-05-24

▶

GHSA

GHSA-3gfm-33cm-9xhw: Unspecified vulnerability in Oracle MySQL Server 5↗2022-05-17

▶

OSV

CVE-2014-2444: Unspecified vulnerability in Oracle MySQL Server 5↗2014-04-16

▶

📋Vendor Advisories

Red Hat

mysql: unspecified vulnerability related to InnoDB (CPU April 2014)↗2014-04-15

▶

💬Community

Bugzilla

CVE-2014-2444 mysql: unspecified vulnerability related to InnoDB (CPU April 2014)↗2014-04-16

▶

Bugzilla

CVE-2014-2442 CVE-2014-2450 CVE-2014-2444 CVE-2014-2451 CVE-2014-2435 CVE-2014-2434 community-mysql: various flaws [fedora-rawhide]↗2014-04-16

▶