Total
1237 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1516 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 5.0 MEDIUM | N/A |
The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. | |||||
CVE-2006-4227 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 6.5 MEDIUM | N/A |
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE. | |||||
CVE-2005-0004 | 3 Debian, Mariadb, Oracle | 3 Debian Linux, Mariadb, Mysql | 2023-12-10 | 4.6 MEDIUM | N/A |
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. | |||||
CVE-2005-2558 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 4.6 MEDIUM | N/A |
Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. | |||||
CVE-2004-0956 | 3 Oracle, Suse, Ubuntu | 3 Mysql, Suse Linux, Ubuntu Linux | 2023-12-10 | 5.0 MEDIUM | N/A |
MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote. | |||||
CVE-2006-1517 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 5.0 MEDIUM | N/A |
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. | |||||
CVE-2006-3081 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 4.0 MEDIUM | N/A |
mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. | |||||
CVE-2005-2572 | 1 Oracle | 1 Mysql | 2023-12-10 | 8.5 HIGH | N/A |
MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll. | |||||
CVE-2004-0836 | 2 Debian, Oracle | 2 Debian Linux, Mysql | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length). | |||||
CVE-2003-1331 | 1 Oracle | 1 Mysql | 2023-12-10 | 4.0 MEDIUM | N/A |
Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453. | |||||
CVE-2001-1255 | 2 Mysql, Oracle | 2 Winmysqladmin, Mysql | 2023-12-10 | 4.6 MEDIUM | N/A |
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database. | |||||
CVE-2002-1374 | 2 Oracle, Symantec Veritas | 3 Mysql, Netbackup Advanced Reporter, Netbackup Global Data Manager | 2023-12-10 | 7.5 HIGH | N/A |
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password. | |||||
CVE-2001-1454 | 1 Oracle | 1 Mysql | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request. | |||||
CVE-2001-1453 | 1 Oracle | 1 Mysql | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter. | |||||
CVE-2002-1809 | 1 Oracle | 1 Mysql | 2023-12-10 | 7.5 HIGH | N/A |
The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database. | |||||
CVE-2000-0981 | 1 Oracle | 1 Mysql | 2023-12-10 | 7.2 HIGH | N/A |
MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password. | |||||
CVE-2004-0457 | 1 Oracle | 1 Mysql | 2023-12-10 | 4.6 MEDIUM | N/A |
The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2000-0148 | 1 Oracle | 1 Mysql | 2023-12-10 | 7.5 HIGH | N/A |
MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string. | |||||
CVE-2000-0045 | 1 Oracle | 1 Mysql | 2023-12-10 | 6.4 MEDIUM | N/A |
MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege. | |||||
CVE-2004-0381 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 2.1 LOW | N/A |
mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file. |