CVSS: 4.0EPSS: 0%CPEs: 27EXPL: 0CVE-2012-3144
https://notcve.org/view.php?id=CVE-2012-3144
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server. Vulnerabilidad no especificada en el componente MySQL Serve en Oracle MySQL v5.5.26 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad mediante vectores relacionados con Server. • http://secunia.com/advisories/51177 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html http://www.ubuntu.com/usn/USN-1621-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/79387 •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2012-3158 – mysql: unspecified vulnerability related to the MySQL Protocol (CPU Oct 2012)
https://notcve.org/view.php?id=CVE-2012-3158
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL v5.1.64 y anteriores, y v5.5.26 y anteriores, permite a usuarios remotos autenticados a afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Protocol. • http://rhn.redhat.com/errata/RHSA-2012-1462.html http://secunia.com/advisories/51177 http://secunia.com/advisories/51309 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.debian.org/security/2012/dsa-2581 http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html http://www.ubuntu.com/u •
CVSS: 6.4EPSS: 1%CPEs: 27EXPL: 0CVE-2012-3147
https://notcve.org/view.php?id=CVE-2012-3147
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client. Vulnerabilidad no especificada en el componente de MySQL Server v5.5.26 y anteriores de Oracle MySQL, permite a usuarios remotos autenticados afectar a la integridad y disponibilidad, relacionado con MySQL Client. • http://secunia.com/advisories/51177 http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html http://www.ubuntu.com/usn/USN-1621-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/79384 •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1CVE-2012-5383 – IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) - Missing DLL
https://notcve.org/view.php?id=CVE-2012-5383
Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation ** DISPUTADA** Vulnerabilidad de path de búsqueda no confiable en Oracle MySQL 5.5.28, cuando está instalada en el directorio C:\, podría permitir a usuarios locales obetner privilegios a través de un fichero DLL troyanizado en el directorio "C:\MySQL\MySQL Server 5.5\bin", el cual puede ser añadido a la variable de entorno PATH por un adminsitrador, como se demostró con el fichero wlbsctrl.dll troyanizado usado en el servicio de sistema "IKE and AuthIP IPsec Keying Modules" en Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, y Windows 8 Release Preview. NOTA: CVE disputa esta vulnerabilidad debida a un problema con PATH, que es un problema administrativo, y no es una parte por defecto de la instalación de MySQL • https://www.exploit-db.com/exploits/28130 http://osvdb.org/86175 https://www.htbridge.com/advisory/HTB23108 •
CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4452 – mysql: regression of CVE-2009-4030
https://notcve.org/view.php?id=CVE-2012-4452
MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6. MySQL v5.0.88 enlaces simbólicos, y posiblemente otras versiones y plataformas, permite a usuarios locales eludir ciertos privilegios llamando a CREATE TABLE en una tabla MyISAM con argumentos (1) DATA DIRECTORY o (2) INDEX DIRECTORY modificados que son originalmente asociados con rutas sin enlaces simbólicos, y que pueden apuntar a tablas creadas en un momento futuro en el que una ruta es modificada para contener un enlace simbólico a un subdirectorio del directorio de datos de MySQL. Se trata de un problema relacionado con el cálculo incorrecto del valor mysql_unpacked_real_data_home . NOTA: esta vulnerabilidad se debe a una regresión al CVE-2009-4030, que no fue evitado en algunos paquetes y versiones probados, como MySQL v5.0.95 en Red Hat Enterprise Linux 6. • http://rhn.redhat.com/errata/RHSA-2013-0121.html http://www.openwall.com/lists/oss-security/2012/09/27/1 http://www.securityfocus.com/bid/55715 https://bugzilla.redhat.com/show_bug.cgi?id=860808 https://access.redhat.com/security/cve/CVE-2012-4452 • CWE-264: Permissions, Privileges, and Access Controls •