MySQL
by MySQL
CVEs (133)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-0711 |  |  | 0.03 | — | 0.02 |  | May 2, 2005 | MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack. |
| CVE-2003-1480 |  |  | 0.03 | — | 0.03 |  | Dec 31, 2003 | MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods. |
| CVE-2001-0407 |  |  | 0.03 | — | 0.02 |  | Jun 27, 2001 | Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot). |
| CVE-2001-1274 |  |  | 0.03 | — | 0.05 |  | Jan 23, 2001 | Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges. |
| CVE-2010-1850 |  |  | 0.02 | — | 0.22 |  | Jun 8, 2010 | Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. |
| CVE-2004-0628 |  |  | 0.01 | — | 0.08 |  | Dec 6, 2004 | Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string. |
| CVE-2004-0836 |  |  | 0.01 | — | 0.10 |  | Nov 3, 2004 | Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length). |
| CVE-2002-1376 |  |  | 0.01 | — | 0.07 |  | Dec 23, 2002 | libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| CVE-2001-1453 |  |  | 0.01 | — | 0.11 |  | Feb 9, 2001 | Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter. |
| CVE-2001-1454 |  |  | 0.01 | — | 0.10 |  | Feb 9, 2001 | Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request. |
| CVE-2024-29401 |  |  | 0.00 | — | 0.01 |  | Mar 26, 2024 | xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything. |
| CVE-2015-2575 |  |  | 0.00 | — | 0.04 |  | Apr 16, 2015 | Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. |
| CVE-2013-1492 |  |  | 0.00 | — | 0.03 |  | Mar 28, 2013 | Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553. |
| CVE-2012-0553 |  |  | 0.00 | — | 0.03 |  | Mar 28, 2013 | Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492. |
| CVE-2012-0882 |  |  | 0.00 | — | 0.05 |  | Dec 21, 2012 | Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of… |
| CVE-2012-4452 |  |  | 0.00 | — | 0.00 |  | Oct 9, 2012 | MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without… |
| CVE-2012-2750 |  |  | 0.00 | — | 0.04 |  | Aug 17, 2012 | Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility. |
| CVE-2012-2749 |  |  | 0.00 | — | 0.02 |  | Aug 17, 2012 | MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index. |
| CVE-2012-2102 |  |  | 0.00 | — | 0.02 |  | Aug 17, 2012 | MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT. |
| CVE-2012-1696 |  |  | 0.00 | — | 0.02 |  | May 3, 2012 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. |