CVE-2014-4258

Oracle MySQL <5.5.38 & <5.6.18 - Info Disclosure

Title source: llm

Description

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.

References (12)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2014/Dec/23

[Not Applicable] http://secunia.com/advisories/60425

[Third Party Advisory] http://www.debian.org/security/2014/dsa-2985

[Vendor Advisory] http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

[Vendor Advisory] http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/534161/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/68564

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1030578

[Third Party Advisory] http://www.vmware.com/security/advisories/VMSA-2014-0012.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/94620

Scores

EPSS 0.0060

EPSS Percentile 69.0%

Classification

Status draft

Affected Products (24)

oracle/mysql < 5.5.37

vmware/vcenter_server_appliance

oracle/solaris

opensuse_project/suse_linux_enterprise_desktop

opensuse_project/suse_linux_enterprise_server

opensuse_project/suse_linux_enterprise_software_development_kit

debian/debian_linux

... and 9 more

Timeline

Published Jul 17, 2014

Tracked Since Feb 18, 2026