CVE-2012-4414
https://notcve.org/view.php?id=CVE-2012-4414
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete. Múltiples vulnerabilidades de inyección SQL en el código de replicación de Oracle en MySQL v5.5.29 posiblemente antes, y MariaDB v5.1.x hasta v5.1.62, v5.2.x hasta v5.2.12, v5.3.x hasta v5.3.7 y v5.5.x hasta v5.5.25 que permiten a usuarios remotos autenticados ejecutar comandos SQL a través de vectores relacionados con el registro binario. NOTA: a partir de 20130116, Oracle no se ha pronunciado sobre las alegaciones de un proveedor de bajo nivel en las que se explica que la corrección de MySQL v5.5.29 es incompleta. • http://bugs.mysql.com/bug.php?id=66550 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.mysqlperformanceblog.com& • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2012-3144
https://notcve.org/view.php?id=CVE-2012-3144
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server. Vulnerabilidad no especificada en el componente MySQL Serve en Oracle MySQL v5.5.26 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad mediante vectores relacionados con Server. • http://secunia.com/advisories/51177 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html http://www.ubuntu.com/usn/USN-1621-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/79387 •
CVE-2012-3147
https://notcve.org/view.php?id=CVE-2012-3147
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client. Vulnerabilidad no especificada en el componente de MySQL Server v5.5.26 y anteriores de Oracle MySQL, permite a usuarios remotos autenticados afectar a la integridad y disponibilidad, relacionado con MySQL Client. • http://secunia.com/advisories/51177 http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html http://www.ubuntu.com/usn/USN-1621-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/79384 •
CVE-2012-3156
https://notcve.org/view.php?id=CVE-2012-3156
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL v5.5.25 y anteriores, permite a usuarios remotos autenticados a afectar la disponibilidad a través de vectores desconocidos relacionados con Server. • http://secunia.com/advisories/51177 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html http://www.ubuntu.com/usn/USN-1621-1 •
CVE-2012-3149
https://notcve.org/view.php?id=CVE-2012-3149
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client. Vulnerabilidad no especificada en el componente de MySQL Server v5.5.26 y anteriores de Oracle MySQL, permite a usuarios remotos autenticados afectar a la confidencialidad, relacionado con MySQL Client. • http://secunia.com/advisories/51177 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html http://www.ubuntu.com/usn/USN-1621-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/79390 •