SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Juniper Junos Space Vendors:   Juniper
(Juniper Issues Fix for Juniper Junos Space) MySQL Multiple Bugs Let Remote and Local Users Partially Access and Modify Data and Partially Deny Service
SecurityTracker Alert ID:  1033838
SecurityTracker URL:  http://securitytracker.com/id/1033838
CVE Reference:   CVE-2014-6478, CVE-2014-6491, CVE-2014-6494, CVE-2014-6495, CVE-2014-6496, CVE-2014-6500, CVE-2014-6559   (Links to External Site)
Date:  Oct 16 2015
Impact:   Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 15.1R1
Description:   Multiple vulnerabilities were reported in MySQL. A remote or local user can partially access data, partially modify data, and partially deny service. Juniper Junos Space is affected.

A remote authenticated user can exploit a flaw in the MySQL Server component to partially access data, partially modify data, and deny service [CVE-2014-6507].

A remote user can exploit a flaw in the MySQL Server component to partially access data, partially modify data, and partially deny service [CVE-2014-6491].

A remote user can exploit a flaw in the MySQL Server component to partially access data, partially modify data, and partially deny service [CVE-2014-6500].

A remote authenticated user can exploit a flaw in the MySQL Server component to cause denial of service conditions [CVE-2014-6469].

A remote user can exploit a flaw in the MySQL Server component to partially access data, partially modify data, and partially deny service [CVE-2014-0224].

A remote authenticated user can exploit a flaw in the MySQL Server component to partially access data, partially modify data, and partially deny service [CVE-2014-6530].

A remote authenticated user can exploit a flaw in the MySQL Server component to partially access data, partially modify data, and partially deny service [CVE-2014-6555].

A remote authenticated user can exploit a flaw in the MySQL Server component to partially modify data and cause partial denial of service conditions [CVE-2014-6489].

A remote user can exploit a flaw in the MySQL Server component to partially access data [CVE-2012-5615].

A remote user can exploit a flaw in the MySQL Server component to partially access data [CVE-2014-6559].

A remote user can exploit a flaw in the MySQL Server component to cause partial denial of service conditions [CVE-2014-6494].

A remote user can exploit a flaw in the MySQL Server component to cause partial denial of service conditions [CVE-2014-6496].

A remote user can exploit a flaw in the MySQL Server component to cause partial denial of service conditions [CVE-2014-6495].

A remote user can exploit a flaw in the MySQL Server component to partially modify data [CVE-2014-6478].

A local user can exploit a flaw in the MySQL Server component to partially access data, partially modify data, and partially deny service [CVE-2014-4274].

A remote authenticated user can exploit a flaw in the MySQL Server component to cause partial denial of service conditions [CVE-2014-4287].

A remote authenticated user can exploit a flaw in the MySQL Server component to cause partial denial of service conditions [CVE-2014-6520].

A remote authenticated user can exploit a flaw in the MySQL Server component to cause partial denial of service conditions [CVE-2014-6484].

A remote authenticated user can exploit a flaw in the MySQL Server component to cause partial denial of service conditions [CVE-2014-6464].

A remote authenticated user can exploit a flaw in the MySQL Server component to cause partial denial of service conditions [CVE-2014-6564].

A remote authenticated user can exploit a flaw in the MySQL Server component to cause partial denial of service conditions [CVE-2014-6505].

A remote authenticated user can exploit a flaw in the MySQL Server component to cause partial denial of service conditions [CVE-2014-6474].

A remote user can exploit a flaw in the MySQL Server component to cause partial denial of service conditions [CVE-2014-6463].

A local user can exploit a flaw in the MySQL Server component to partially access data [CVE-2014-6551].

The following researchers reported these and other Oracle vulnerabilities:

0ang3el; Adam Gowdiak of Security Explorations; Adam Willard of Foreground Security; Alberto Garcia Illera of Salesforce.com; Alexey Tyurin of ERPScan; Dhanesh K.; Florian Weimer of Red Hat; Gleb Cherbov of ERPScan; Ilja van Sprundel of ioactive.com;
Ivan Chalykin of ERPScan; Jakub Palaczynski; Khai Tran of Netspi; Laszlo Toth; Lupin LanYuShi; Meder Kydyraliev of Google; Nikita Kelesis of ERPScan; Recx; Richard Dalton;
Sergey Gorbaty of Salesforce.com; Sloane Bernstein of cPanel; Stefan Nordhausen; Wolfgang Ettlinger of SEC Consult Vulnerability Lab; Yash Kadakia of Security Brigade; Yuki Chen of Qihoo working with HP's Zero Day Initiative; and Zubin Mithra

Impact:   A remote or local user can cause partial denial of service conditions.

A remote or local user can partially access and modify data.

Solution:   Juniper has issued a fix for CVE-2014-6478, CVE-2014-6491, CVE-2014-6494, CVE-2014-6495, CVE-2014-6496, CVE-2014-6500, and CVE-2014-6559 for Juniper Junos Space (15.1R1).

The Juniper advisory is available at:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698

Vendor URL:  kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 (Links to External Site)
Cause:   Not specified

Message History:   This archive entry is a follow-up to the message listed below.
Oct 15 2014 MySQL Multiple Bugs Let Remote and Local Users Partially Access and Modify Data and Partially Deny Service



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC