Oracle MySQL vulnerabilities

1,328 known vulnerabilities affecting oracle/mysql.

Total CVEs: 1,328
CISA KEV: 0
Public exploits: 50
Exploited in wild: 0
Severity breakdown: CRITICAL 12, HIGH 71, MEDIUM 1064, LOW 181

Vulnerabilities

Page 60 of 67
CVE-2012-3197 | LOW | CVSS 3.5 | ≥ 5.1.0, ≤ 5.1.64; ≥ 5.5.0, ≤ 5.5.26 | 2012-10-17
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
nvd
CVE-2012-3158 | HIGH | CVSS 7.5 | ≥ 5.1.0, ≤ 5.1.64; ≥ 5.5.0, ≤ 5.5.26 | 2012-10-16
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.
nvd
CVE-2012-3150 | MEDIUM | CVSS 4.0 | ≥ 5.1.0, ≤ 5.1.64; ≥ 5.5.0, ≤ 5.5.26 | 2012-10-16
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
nvd
CVE-2012-3147 | MEDIUM | CVSS 6.4 | ≤ 5.5.26; v5.5.0 +24 more | 2012-10-16
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client.
nvd
CVE-2012-3144 | MEDIUM | CVSS 4.0 | ≤ 5.5.26; v5.5.0 +24 more | 2012-10-16
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
nvd
CVE-2012-3149 | LOW | CVSS 3.5 | ≤ 5.5.26; v5.5.0 +24 more | 2012-10-16
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.
nvd
CVE-2012-3156 | LOW | CVSS 3.5 | ≤ 5.5.25; v5.5.0 +23 more | 2012-10-16
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
nvd
CVE-2012-3160 | LOW | CVSS 2.1 | ≥ 5.1.0, ≤ 5.1.65; ≥ 5.5.0, ≤ 5.5.27 | 2012-10-16
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
nvd
CVE-2012-5383 | MEDIUM | CVSS 6.2 | PoC | v5.5.28 | 2012-10-11
Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Tro
nvd
CVE-2012-4452 | LOW | CVSS 2.1 | ≤ 5.0.88 | 2012-10-09
MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modi
nvd
CVE-2012-2750 | CRITICAL | CVSS 10.0 | ≥ 5.5.0, < 5.5.23 | 2012-08-17
Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility.
nvd
CVE-2009-5026 | MEDIUM | CVSS 6.8 | CWE-89 | PoC | v5.0.23, v5.0.41 +58 more | 2012-08-17
The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.
nvd
CVE-2012-2749 | MEDIUM | CVSS 4.0 | CWE-399 | v5.1, v5.1.1 +82 more | 2012-08-17
MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.
nvd
CVE-2012-2102 | LOW | CVSS 3.5 | CWE-119 | v5.1, v5.1.1 +79 more | 2012-08-17
MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
nvd
CVE-2012-1734 | MEDIUM | CVSS 4.0 | ≥ 5.1.0, ≤ 5.1.62; ≥ 5.5.0, ≤ 5.5.23 | 2012-07-17
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
nvd
CVE-2012-1689 | MEDIUM | CVSS 4.0 | ≥ 5.1.0, ≤ 5.1.62; ≥ 5.5.0, ≤ 5.5.22 | 2012-07-17
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
nvd
CVE-2012-1756 | MEDIUM | CVSS 4.0 | ≥ 5.5.0, ≤ 5.5.23 | 2012-07-17
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.
nvd
CVE-2012-1757 | MEDIUM | CVSS 4.0 | ≥ 5.5.0, ≤ 5.5.23 | 2012-07-17
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
nvd
CVE-2012-0540 | MEDIUM | CVSS 4.0 | ≥ 5.1.0, ≤ 5.1.62; ≥ 5.5.0, ≤ 5.5.23 | 2012-07-17
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
nvd
CVE-2012-1735 | MEDIUM | CVSS 6.8 | ≥ 5.5.0, ≤ 5.5.23 | 2012-07-17
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
nvd