Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU43396
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-3144
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql: 5.5.0 - 5.5.25
https://secunia.com/advisories/51177
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
https://www.ubuntu.com/usn/USN-1621-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/79387
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43397
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3147
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql: 5.5.0 - 5.5.25
https://secunia.com/advisories/51177
https://www.mandriva.com/security/advisories?name=MDVSA-2013:102
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
https://www.ubuntu.com/usn/USN-1621-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/79384
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU43398
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-3149
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to gain access to sensitive information.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql: 5.5.0 - 5.5.25
https://secunia.com/advisories/51177
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
https://www.ubuntu.com/usn/USN-1621-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/79390
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.