SB2014011505 - Multiple vulnerabilities in Google, mysql
Published: January 15, 2014 Updated: August 10, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 vulnerabilities.
1) Input validation error (CVE-ID: CVE-2013-5881)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.
2) Input validation error (CVE-ID: CVE-2013-5860)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
3) Input validation error (CVE-ID: CVE-2014-0412)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
4) Input validation error (CVE-ID: CVE-2014-0431)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.
5) Input validation error (CVE-ID: CVE-2014-0437)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
6) Input validation error (CVE-ID: CVE-2014-0401)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote #AU# to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.
7) Input validation error (CVE-ID: CVE-2013-5908)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.
Remediation
Install update from vendor's website.
References
- http://osvdb.org/102066
- http://secunia.com/advisories/56491
- http://security.gentoo.org/glsa/glsa-201409-04.xml
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.securityfocus.com/bid/64758
- http://www.securityfocus.com/bid/64885
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90377
- http://www.securityfocus.com/bid/64864
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90373
- http://osvdb.org/102067
- http://rhn.redhat.com/errata/RHSA-2014-0164.html
- http://rhn.redhat.com/errata/RHSA-2014-0173.html
- http://rhn.redhat.com/errata/RHSA-2014-0186.html
- http://rhn.redhat.com/errata/RHSA-2014-0189.html
- http://secunia.com/advisories/56541
- http://secunia.com/advisories/56580
- http://ubuntu.com/usn/usn-2086-1
- http://www.debian.org/security/2014/dsa-2845
- http://www.debian.org/security/2014/dsa-2848
- http://www.securityfocus.com/bid/64880
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90378
- http://osvdb.org/102073
- http://www.securityfocus.com/bid/64897
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90384
- http://osvdb.org/102074
- http://www.securityfocus.com/bid/64849
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90385
- http://osvdb.org/102071
- http://www.securityfocus.com/bid/64898
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90382
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
- http://osvdb.org/102078
- http://www.securityfocus.com/bid/64896
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90389