Amazon Linux AMI update for mysql



Risk: Medium
Patch available: YES
Number of vulnerabilities: 17
CVE-ID: CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492
CWE-ID: CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Amazon Linux AMI (Operating systems & Components / Operating system)
Vendor: Amazon Web Services

Security Bulletin

This security bulletin contains information about 17 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU44402

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-2262

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU44400

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0075

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to manipulate data.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU44398

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0087

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU44399

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0101

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU44388

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0102

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU44389

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0112

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU44390

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0113

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information and perform service disruption.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU44391

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0114

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to read and manipulate data.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU44392

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0115

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU44393

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0116

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU44395

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0118

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information and perform service disruption.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU44396

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0119

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU44397

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0120

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Input validation error

EUVDB-ID: #VU44375

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0484

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU44376

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0485

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Input validation error

EUVDB-ID: #VU44381

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0490

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU44383

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0492

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.

Mitigation

Update the affected packages:

i686:
    mysql-embedded-devel-5.1.61-1.27.amzn1.i686
    mysql-test-5.1.61-1.27.amzn1.i686
    mysql-debuginfo-5.1.61-1.27.amzn1.i686
    mysql-embedded-5.1.61-1.27.amzn1.i686
    mysql-libs-5.1.61-1.27.amzn1.i686
    mysql-server-5.1.61-1.27.amzn1.i686
    mysql-bench-5.1.61-1.27.amzn1.i686
    mysql-5.1.61-1.27.amzn1.i686
    mysql-devel-5.1.61-1.27.amzn1.i686

src:
    mysql-5.1.61-1.27.amzn1.src

x86_64:
    mysql-5.1.61-1.27.amzn1.x86_64
    mysql-libs-5.1.61-1.27.amzn1.x86_64
    mysql-server-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-devel-5.1.61-1.27.amzn1.x86_64
    mysql-debuginfo-5.1.61-1.27.amzn1.x86_64
    mysql-devel-5.1.61-1.27.amzn1.x86_64
    mysql-bench-5.1.61-1.27.amzn1.x86_64
    mysql-test-5.1.61-1.27.amzn1.x86_64
    mysql-embedded-5.1.61-1.27.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2012-44.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


