Multiple vulnerabilities in Google, mysql
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 16 |
| CVE-ID | CVE-2013-1531 CVE-2012-0553 CVE-2013-0383 CVE-2013-0384 CVE-2013-0385 CVE-2013-0386 CVE-2013-0389 CVE-2013-0368 CVE-2013-0371 CVE-2013-0367 CVE-2012-5096 CVE-2012-0574 CVE-2012-0578 CVE-2012-1702 CVE-2012-1705 CVE-2012-0572 |
| CWE-ID | CWE-20 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
mysql Other |
| Vendor |
Security Bulletin
This security bulletin contains information about 16 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU42915
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2013-1531
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to read and manipulate data.
Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsmysql: 5.1.51 - 5.5.27
CPE2.3- cpe:2.3::google:mysql:5.1.51:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.52:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.53:*:*:*:*:*:*:*
https://rhn.redhat.com/errata/RHSA-2013-0772.html
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU42940
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-0553
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.
MitigationInstall update from vendor's website.
Vulnerable software versionsmysql: 5.1 - 5.5.27
CPE2.3- cpe:2.3::google:mysql:5.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.2:*:*:*:*:*:*:*
https://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html
https://secunia.com/advisories/52445
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU43170
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2013-0383
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
MitigationInstall update from vendor's website.
Vulnerable software versionsmysql: 5.1.1 - 5.5.27
CPE2.3- cpe:2.3::google:mysql:5.1.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.2:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.3:*:*:*:*:*:*:*
https://rhn.redhat.com/errata/RHSA-2013-0219.html
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.ubuntu.com/usn/USN-1703-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16758
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU43171
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2013-0384
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
MitigationInstall update from vendor's website.
Vulnerable software versionsmysql: 5.1.1 - 5.5.27
CPE2.3- cpe:2.3::google:mysql:5.1.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.2:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.3:*:*:*:*:*:*:*
https://rhn.redhat.com/errata/RHSA-2013-0219.html
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.ubuntu.com/usn/USN-1703-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16632
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU43172
Risk: High
CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2013-0385
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
MitigationInstall update from vendor's website.
Vulnerable software versionsmysql: 5.1.1 - 5.5.27
CPE2.3- cpe:2.3::google:mysql:5.1.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.2:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.3:*:*:*:*:*:*:*
https://rhn.redhat.com/errata/RHSA-2013-0219.html
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.ubuntu.com/usn/USN-1703-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16267
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU43173
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2013-0386
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
MitigationInstall update from vendor's website.
Vulnerable software versionsmysql: 5.5.0 - 5.5.27
CPE2.3- cpe:2.3::google:mysql:5.5.0:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.5.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.5.2:*:*:*:*:*:*:*
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.ubuntu.com/usn/USN-1703-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16835
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU43174
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2013-0389
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
MitigationInstall update from vendor's website.
Vulnerable software versionsmysql: 5.1.1 - 5.5.27
CPE2.3- cpe:2.3::google:mysql:5.1.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.2:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.3:*:*:*:*:*:*:*
https://rhn.redhat.com/errata/RHSA-2013-0219.html
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.ubuntu.com/usn/USN-1703-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16825
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Input validation error
EUVDB-ID: #VU43175
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2013-0368
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
MitigationInstall update from vendor's website.
Vulnerable software versionsmysql: 5.5.0 - 5.5.27
CPE2.3- cpe:2.3::google:mysql:5.5.0:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.5.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.5.2:*:*:*:*:*:*:*
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.ubuntu.com/usn/USN-1703-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17255
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU43176
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2013-0371
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
MitigationInstall update from vendor's website.
Vulnerable software versionsmysql: 5.5.0 - 5.5.27
CPE2.3- cpe:2.3::google:mysql:5.5.0:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.5.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.5.2:*:*:*:*:*:*:*
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.ubuntu.com/usn/USN-1703-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16451
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU43177
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2013-0367
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
MitigationInstall update from vendor's website.
Vulnerable software versionsmysql: 5.5.0 - 5.5.27
CPE2.3- cpe:2.3::google:mysql:5.5.0:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.5.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.5.2:*:*:*:*:*:*:*
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.ubuntu.com/usn/USN-1703-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17077
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU43179
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-5096
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsmysql: 5.5.0 - 5.5.27
CPE2.3- cpe:2.3::google:mysql:5.5.0:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.5.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.5.2:*:*:*:*:*:*:*
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.ubuntu.com/usn/USN-1703-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16877
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU43180
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-0574
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsmysql: 5.1 - 5.5.27
CPE2.3- cpe:2.3::google:mysql:5.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.2:*:*:*:*:*:*:*
https://marc.info/?l=bugtraq&m=135109152819176&w=2
https://rhn.redhat.com/errata/RHSA-2013-0219.html
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.ubuntu.com/usn/USN-1703-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17266
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU43181
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-0578
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
MitigationInstall update from vendor's website.
Vulnerable software versionsmysql: 5.5.0 - 5.5.27
CPE2.3- cpe:2.3::google:mysql:5.5.0:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.5.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.5.2:*:*:*:*:*:*:*
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.ubuntu.com/usn/USN-1703-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16947
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU43182
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-1702
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsmysql: 5.1 - 5.5.27
CPE2.3- cpe:2.3::google:mysql:5.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.2:*:*:*:*:*:*:*
https://rhn.redhat.com/errata/RHSA-2013-0219.html
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.ubuntu.com/usn/USN-1703-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17186
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU43183
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-1705
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
MitigationInstall update from vendor's website.
Vulnerable software versionsmysql: 5.1.1 - 5.5.27
CPE2.3- cpe:2.3::google:mysql:5.1.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.2:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.3:*:*:*:*:*:*:*
https://rhn.redhat.com/errata/RHSA-2013-0219.html
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.ubuntu.com/usn/USN-1703-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17268
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Input validation error
EUVDB-ID: #VU43184
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-0572
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
MitigationInstall update from vendor's website.
Vulnerable software versionsmysql: 5.1.1 - 5.5.27
CPE2.3- cpe:2.3::google:mysql:5.1.1:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.2:*:*:*:*:*:*:*
- cpe:2.3::google:mysql:5.1.3:*:*:*:*:*:*:*
https://rhn.redhat.com/errata/RHSA-2013-0219.html
https://secunia.com/advisories/53372
https://security.gentoo.org/glsa/glsa-201308-06.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://www.ubuntu.com/usn/USN-1703-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16792
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
