Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU43712
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2012-2750
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql 5.5.0 - 5.5.22
https://dev.mysql.com/doc/refman/5.5/en/news-5-5-23.html
https://www.debian.org/security/2013/dsa-2780
https://www.mandriva.com/security/advisories?name=MDVSA-2013:250
https://www.securityfocus.com/bid/63125
https://www.securitytracker.com/id/1029184
https://bugzilla.redhat.com/show_bug.cgi?id=833742
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43842
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-1757
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform service disruption.
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql 5.5.0 - 5.5.22
https://osvdb.org/83977
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
https://www.securityfocus.com/bid/54526
https://www.securitytracker.com/id?1027263
https://exchange.xforce.ibmcloud.com/vulnerabilities/77062
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43843
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-1756
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform service disruption.
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql 5.5.0 - 5.5.22
https://osvdb.org/83978
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
https://www.securityfocus.com/bid/54524
https://www.securitytracker.com/id?1027263
https://exchange.xforce.ibmcloud.com/vulnerabilities/77063
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43845
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-0540
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform service disruption.
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql 5.1 - 5.5.22
https://osvdb.org/83976
https://rhn.redhat.com/errata/RHSA-2012-1462.html
https://secunia.com/advisories/51309
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
https://www.securityfocus.com/bid/54551
https://www.securitytracker.com/id?1027263
https://exchange.xforce.ibmcloud.com/vulnerabilities/77061
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43846
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-1689
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform service disruption.
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql 5.1 - 5.5.22
https://osvdb.org/83980
https://rhn.redhat.com/errata/RHSA-2012-1462.html
https://secunia.com/advisories/51309
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
https://www.securityfocus.com/bid/54547
https://www.securitytracker.com/id?1027263
https://exchange.xforce.ibmcloud.com/vulnerabilities/77065
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43847
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-1734
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform service disruption.
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql 5.1 - 5.5.22
https://osvdb.org/83979
https://rhn.redhat.com/errata/RHSA-2012-1462.html
https://secunia.com/advisories/51309
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
https://www.securityfocus.com/bid/54540
https://www.securitytracker.com/id?1027263
https://exchange.xforce.ibmcloud.com/vulnerabilities/77064
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43848
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-1735
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql 5.5.0 - 5.5.22
https://osvdb.org/83975
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
https://www.securityfocus.com/bid/54549
https://www.securitytracker.com/id?1027263
https://exchange.xforce.ibmcloud.com/vulnerabilities/77060
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.