Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU42151
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2013-5881
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql: 5.6.0 - 5.6.13
CPE2.3
https://osvdb.org/102066
https://secunia.com/advisories/56491
https://security.gentoo.org/glsa/glsa-201409-04.xml
https://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
https://www.securityfocus.com/bid/64758
https://www.securityfocus.com/bid/64885
https://exchange.xforce.ibmcloud.com/vulnerabilities/90377
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU42153
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2013-5860
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql: 5.6.0 - 5.6.13
CPE2.3
https://secunia.com/advisories/56491
https://security.gentoo.org/glsa/glsa-201409-04.xml
https://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
https://www.securityfocus.com/bid/64758
https://www.securityfocus.com/bid/64864
https://exchange.xforce.ibmcloud.com/vulnerabilities/90373
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU42154
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-0412
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql: 5.1 - 5.6.13
CPE2.3
https://osvdb.org/102067
https://rhn.redhat.com/errata/RHSA-2014-0164.html
https://rhn.redhat.com/errata/RHSA-2014-0173.html
https://rhn.redhat.com/errata/RHSA-2014-0186.html
https://rhn.redhat.com/errata/RHSA-2014-0189.html
https://secunia.com/advisories/56491
https://secunia.com/advisories/56541
https://secunia.com/advisories/56580
https://security.gentoo.org/glsa/glsa-201409-04.xml
https://ubuntu.com/usn/usn-2086-1
https://www.debian.org/security/2014/dsa-2845
https://www.debian.org/security/2014/dsa-2848
https://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
https://www.securityfocus.com/bid/64758
https://www.securityfocus.com/bid/64880
https://exchange.xforce.ibmcloud.com/vulnerabilities/90378
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU42157
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-0431
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql: 5.6.0 - 5.6.13
CPE2.3
https://osvdb.org/102073
https://secunia.com/advisories/56491
https://security.gentoo.org/glsa/glsa-201409-04.xml
https://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
https://www.securityfocus.com/bid/64758
https://www.securityfocus.com/bid/64897
https://exchange.xforce.ibmcloud.com/vulnerabilities/90384
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU42159
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-0437
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql: 5.1 - 5.6.13
CPE2.3
https://osvdb.org/102074
https://rhn.redhat.com/errata/RHSA-2014-0164.html
https://rhn.redhat.com/errata/RHSA-2014-0173.html
https://rhn.redhat.com/errata/RHSA-2014-0186.html
https://rhn.redhat.com/errata/RHSA-2014-0189.html
https://secunia.com/advisories/56491
https://secunia.com/advisories/56541
https://secunia.com/advisories/56580
https://security.gentoo.org/glsa/glsa-201409-04.xml
https://ubuntu.com/usn/usn-2086-1
https://www.debian.org/security/2014/dsa-2845
https://www.debian.org/security/2014/dsa-2848
https://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
https://www.securityfocus.com/bid/64758
https://www.securityfocus.com/bid/64849
https://exchange.xforce.ibmcloud.com/vulnerabilities/90385
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU42160
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-0401
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql: 5.1 - 5.6.13
CPE2.3
https://osvdb.org/102071
https://rhn.redhat.com/errata/RHSA-2014-0164.html
https://rhn.redhat.com/errata/RHSA-2014-0173.html
https://rhn.redhat.com/errata/RHSA-2014-0186.html
https://rhn.redhat.com/errata/RHSA-2014-0189.html
https://secunia.com/advisories/56491
https://secunia.com/advisories/56541
https://secunia.com/advisories/56580
https://security.gentoo.org/glsa/glsa-201409-04.xml
https://ubuntu.com/usn/usn-2086-1
https://www.debian.org/security/2014/dsa-2845
https://www.debian.org/security/2014/dsa-2848
https://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
https://www.securityfocus.com/bid/64758
https://www.securityfocus.com/bid/64898
https://exchange.xforce.ibmcloud.com/vulnerabilities/90382
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU42165
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2013-5908
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.
Mitigation: Install update from vendor's website.
Vulnerable software versions: mysql: 5.1 - 5.6.13
CPE2.3
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
https://osvdb.org/102078
https://rhn.redhat.com/errata/RHSA-2014-0164.html
https://rhn.redhat.com/errata/RHSA-2014-0173.html
https://rhn.redhat.com/errata/RHSA-2014-0186.html
https://rhn.redhat.com/errata/RHSA-2014-0189.html
https://secunia.com/advisories/56491
https://secunia.com/advisories/56541
https://secunia.com/advisories/56580
https://security.gentoo.org/glsa/glsa-201409-04.xml
https://ubuntu.com/usn/usn-2086-1
https://www.debian.org/security/2014/dsa-2845
https://www.debian.org/security/2014/dsa-2848
https://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
https://www.securityfocus.com/bid/64758
https://www.securityfocus.com/bid/64896
https://exchange.xforce.ibmcloud.com/vulnerabilities/90389
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.