Total
1237 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1923 | 1 Oracle | 1 Mysql | 2023-12-10 | 7.5 HIGH | N/A |
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. | |||||
CVE-2004-0835 | 3 Debian, Mysql, Oracle | 3 Debian Linux, Mysql, Mysql | 2023-12-10 | 7.5 HIGH | N/A |
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities. | |||||
CVE-2004-0837 | 3 Debian, Mysql, Oracle | 3 Debian Linux, Mysql, Mysql | 2023-12-10 | 2.6 LOW | N/A |
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs. | |||||
CVE-2003-0150 | 1 Oracle | 1 Mysql | 2023-12-10 | 9.0 HIGH | N/A |
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. | |||||
CVE-2003-1480 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 4.3 MEDIUM | N/A |
MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods. | |||||
CVE-2003-0073 | 1 Oracle | 1 Mysql | 2023-12-10 | 5.0 MEDIUM | N/A |
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. | |||||
CVE-2004-2149 | 1 Oracle | 1 Mysql | 2023-12-10 | 5.0 MEDIUM | N/A |
Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders. | |||||
CVE-2001-1275 | 1 Oracle | 1 Mysql | 2023-12-10 | 7.2 HIGH | N/A |
MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking. | |||||
CVE-2004-0388 | 1 Oracle | 1 Mysql | 2023-12-10 | 2.1 LOW | N/A |
The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2003-0780 | 3 Conectiva, Mysql, Oracle | 3 Linux, Mysql, Mysql | 2023-12-10 | 9.0 HIGH | N/A |
Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field. | |||||
CVE-2001-1274 | 1 Oracle | 1 Mysql | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges. | |||||
CVE-1999-1188 | 1 Oracle | 1 Mysql | 2023-12-10 | 4.6 MEDIUM | N/A |
mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database. | |||||
CVE-2002-1373 | 1 Oracle | 1 Mysql | 2023-12-10 | 5.0 MEDIUM | N/A |
Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call. | |||||
CVE-2002-1375 | 2 Oracle, Symantec Veritas | 3 Mysql, Netbackup Advanced Reporter, Netbackup Global Data Manager | 2023-12-10 | 7.5 HIGH | N/A |
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response. | |||||
CVE-2002-1921 | 1 Oracle | 1 Mysql | 2023-12-10 | 7.5 HIGH | N/A |
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. | |||||
CVE-2001-0407 | 1 Oracle | 1 Mysql | 2023-12-10 | 4.6 MEDIUM | N/A |
Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot). | |||||
CVE-2002-1376 | 2 Oracle, Symantec Veritas | 3 Mysql, Netbackup Advanced Reporter, Netbackup Global Data Manager | 2023-12-10 | 7.5 HIGH | N/A |
libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. |