VYPR

MySQL

by MySQL

CVEs (133)

  • CVE-2010-3680, Jan 11, 2011
    risk 0.04 | cvss | epss 0.12

    Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.

  • CVE-2010-3679, Jan 11, 2011
    risk 0.04 | cvss | epss 0.12

    Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.

  • CVE-2010-3678, Jan 11, 2011
    risk 0.04 | cvss | epss 0.12

    Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

  • CVE-2010-3676, Jan 11, 2011
    risk 0.04 | cvss | epss 0.09

    storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage…

  • CVE-2010-2008, Jul 13, 2010
    risk 0.04 | cvss | epss 0.09

    MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence,…

  • CVE-2009-4019, Nov 30, 2009
    risk 0.04 | cvss | epss 0.16

    mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function,…

  • CVE-2009-2446, Jul 13, 2009
    risk 0.04 | cvss | epss 0.11

    Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string…

  • CVE-2009-0819, Mar 5, 2009
    risk 0.04 | cvss | epss 0.10

    sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion…

  • CVE-2008-4456, Oct 6, 2008
    risk 0.04 | cvss | epss 0.07

    Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database…

  • CVE-2008-3963, Sep 11, 2008
    risk 0.04 | cvss | epss 0.06

    MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

  • CVE-2007-5925, Nov 10, 2007
    risk 0.04 | cvss | epss 0.11

    The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion…

  • CVE-2007-2583, May 10, 2007
    risk 0.04 | cvss | epss 0.11

    The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

  • CVE-2006-4227, Aug 18, 2006
    risk 0.04 | cvss | epss 0.12

    MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT…

  • CVE-2005-0710, May 2, 2005
    risk 0.04 | cvss | epss 0.13

    MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init…

  • CVE-2005-0709, May 2, 2005
    risk 0.04 | cvss | epss 0.18

    MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.

  • CVE-2002-1809, Dec 31, 2002
    risk 0.04 | cvss | epss 0.16

    The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.

  • CVE-2000-0045, Jan 11, 2000
    risk 0.04 | cvss | epss 0.07

    MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.

  • CVE-2011-5049, Jan 4, 2012
    risk 0.03 | cvss | epss 0.05

    MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306.

  • CVE-2007-1420, Mar 12, 2007
    risk 0.03 | cvss | epss 0.01

    MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL…

  • CVE-2006-0903, Feb 27, 2006
    risk 0.03 | cvss | epss 0.01

    MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor…
