CVE-2015-0411
Published 2015-01-21
Priority P3 · 49 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 10.04% (95.0th percentile)
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| mariadb | mariadb | >= 10.0.0 < 10.0.16 | 10.0.16 |
| mariadb | mariadb | >= 5.5.0 < 5.5.41 | 5.5.41 |
| oracle | communications_policy_management | <= 9.7.3 | — |
| oracle | communications_policy_management | — | — |
| oracle | communications_policy_management | — | — |
| oracle | communications_policy_management | — | — |
| oracle | mysql | 5.5.0 – 5.5.40 | — |
| oracle | mysql | 5.6.0 – 5.6.21 | — |
| oracle | solaris | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
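| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |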
GHSA
GHSA-93cc-hvf6-66vv: Unspecified vulnerability in Oracle MySQL Server 5
ghsa_unreviewed·2022-05-14
CVE-2015-0411 [HIGH] GHSA-93cc-hvf6-66vv: Unspecified vulnerability in Oracle MySQL Server 5
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.
OSV
CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5
osv·2015-01-21·CVSS 7.5
CVE-2015-0411 [HIGH] CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2015-01-22
CVE-2014-6568 MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: Several security issues were fixed in MySQL.
Multiple security issues were discovered in MySQL and this update includes
a new upstream MySQL version to fix these issues. MySQL has been updated to
5.5.41.
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
mysql: unspecified vulnerability related to Server:Security:Encryption (CPU Jan 2015)
vendor_redhat·2015-01-21·CVSS 7.5
CVE-2015-0411 [HIGH] mysql: unspecified vulnerability related to Server:Security:Encryption (CPU Jan 2015)
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.
Package: mysql (Red Hat Enterprise Linux 6) - Affected
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-0381 mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015)
bugzilla·2015-01-21·CVSS 4.3
CVE-2015-0381 [MEDIUM] CVE-2015-0381 mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Replication). Supported versions that are affected are 5.5.40 and earlier and 5.6.21 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
External References:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
Discussion:
This issue has been addressed in the following products:
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
Red Hat Software C
Bugzilla
CVE-2015-0411 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU Jan 2015)
bugzilla·2015-01-21·CVSS 7.5
CVE-2015-0411 [HIGH] CVE-2015-0411 mysql: unspecified vulnerability related to Server:Security:Encryption (CPU Jan 2015)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Encryption). Supported versions that are affected are 5.5.40 and earlier and 5.6.21 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some MySQL Server accessible data as well as read access to a subset of MySQL Server accessible data and ability to cause a partial denial of service (partial DOS) of MySQL Server.
External References:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
Discu
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
http://rhn.redhat.com/errata/RHSA-2015-0116.html
http://rhn.redhat.com/errata/RHSA-2015-0117.html
http://rhn.redhat.com/errata/RHSA-2015-0118.html
http://rhn.redhat.com/errata/RHSA-2015-1628.html
http://secunia.com/advisories/62728
http://secunia.com/advisories/62730
http://secunia.com/advisories/62732
http://www.debian.org/security/2015/dsa-3135
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.securityfocus.com/bid/72191
http://www.securitytracker.com/id/1031581
http://www.ubuntu.com/usn/USN-2480-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/100183
https://security.gentoo.org/glsa/201504-05
Published: 2015-01-21