CVSS: 6.5EPSS: 0%CPEs: 77EXPL: 0CVE-2012-4414
https://notcve.org/view.php?id=CVE-2012-4414
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete. Múltiples vulnerabilidades de inyección SQL en el código de replicación de Oracle en MySQL v5.5.29 posiblemente antes, y MariaDB v5.1.x hasta v5.1.62, v5.2.x hasta v5.2.12, v5.3.x hasta v5.3.7 y v5.5.x hasta v5.5.25 que permiten a usuarios remotos autenticados ejecutar comandos SQL a través de vectores relacionados con el registro binario. NOTA: a partir de 20130116, Oracle no se ha pronunciado sobre las alegaciones de un proveedor de bajo nivel en las que se explica que la corrección de MySQL v5.5.29 es incompleta. • http://bugs.mysql.com/bug.php?id=66550 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.mysqlperformanceblog.com& • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 1%CPEs: 15EXPL: 0CVE-2013-0383 – mysql: unspecified unauthenticated DoS vulnerability related to Server Locking (CPU Jan 2013)
https://notcve.org/view.php?id=CVE-2013-0383
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking. Una vulnerabilidad no especificada en el componente Servidor de Oracle MySQL v5.1.66 y anteriores y v5.5.28 y anteriores, permite a atacantes remotos afectar a la disponibilidad a través de vectores desconocidos relacionados con el bloqueo del servidor. • http://rhn.redhat.com/errata/RHSA-2013-0219.html http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.ubuntu.com/usn/USN-1703-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16758 https://access.redhat.com/security/cve/CVE-2013-0383 https://bugzilla.redhat.com& •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2012-5060
https://notcve.org/view.php?id=CVE-2012-5060
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension. Vulnerabilidad sin especificar en el componente Server en Oracle MySQL v5.1.65 y anteriores y v5.5.27 y anteriores que permite a usuario autenticados de forma remota afectar a la disponibilidad en relación a la GIS Extension. • http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.ubuntu.com/usn/USN-1703-1 •
CVSS: 4.0EPSS: 0%CPEs: 15EXPL: 0CVE-2012-1705 – mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jan 2013)
https://notcve.org/view.php?id=CVE-2012-1705
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Vulnerabilidad no especificada en el componente Server en Oracle MySQL v5.1.66 y anteriores y v5.5.28 y anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con el Server Optimizer. • http://rhn.redhat.com/errata/RHSA-2013-0219.html http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.ubuntu.com/usn/USN-1703-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17268 https://access.redhat.com/security/cve/CVE-2012-1705 https://bugzilla.redhat.com& •
CVSS: 6.6EPSS: 0%CPEs: 15EXPL: 0CVE-2013-0385 – mysql: Unspecified vulnerability in the server replication of the Oracle MySQL server allows local attackers to alter confidentiality and integrity
https://notcve.org/view.php?id=CVE-2013-0385
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication. Una vulnerabilidad no especificada en el componente Servidor de Oracle MySQL v5.1.66 y anteriores y v5.5.28 y anteriores, permite a usuarios locales afectar la confidencialidad y la integridad a través de vectores desconocidos relacionados con un servidor de replicación (Replication Server). • http://rhn.redhat.com/errata/RHSA-2013-0219.html http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.ubuntu.com/usn/USN-1703-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16267 https://access.redhat.com/security/cve/CVE-2013-0385 https://bugzilla.redhat.com& •