MySQL

by MySQL

CVEs (133)

  • CVE-2005-0711 (May 2, 2005)
    risk 0.03 | cvss | epss 0.02

    MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

  • CVE-2003-1480 (Dec 31, 2003)
    risk 0.03 | cvss | epss 0.03

    MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.

  • CVE-2001-0407 (Jun 27, 2001)
    risk 0.03 | cvss | epss 0.02

    Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).

  • CVE-2001-1274 (Jan 23, 2001)
    risk 0.03 | cvss | epss 0.05

    Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.

  • CVE-2010-1850 (Jun 8, 2010)
    risk 0.02 | cvss | epss 0.22

    Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.

  • CVE-2004-0628 (Dec 6, 2004)
    risk 0.01 | cvss | epss 0.08

    Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.

  • CVE-2004-0836 (Nov 3, 2004)
    risk 0.01 | cvss | epss 0.10

    Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).

  • CVE-2002-1376 (Dec 23, 2002)
    risk 0.01 | cvss | epss 0.07

    libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2001-1453 (Feb 9, 2001)
    risk 0.01 | cvss | epss 0.11

    Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter.

  • CVE-2001-1454 (Feb 9, 2001)
    risk 0.01 | cvss | epss 0.10

    Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.

  • CVE-2024-29401 (Mar 26, 2024)
    risk 0.00 | cvss | epss 0.01

    xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything.

  • CVE-2015-2575 (Apr 16, 2015)
    risk 0.00 | cvss | epss 0.04

    Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.

  • CVE-2013-1492 (Mar 28, 2013)
    risk 0.00 | cvss | epss 0.03

    Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.

  • CVE-2012-0553 (Mar 28, 2013)
    risk 0.00 | cvss | epss 0.03

    Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.

  • CVE-2012-0882 (Dec 21, 2012)
    risk 0.00 | cvss | epss 0.05

    Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of…

  • CVE-2012-4452 (Oct 9, 2012)
    risk 0.00 | cvss | epss 0.00

    MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without…

  • CVE-2012-2750 (Aug 17, 2012)
    risk 0.00 | cvss | epss 0.04

    Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility.

  • CVE-2012-2749 (Aug 17, 2012)
    risk 0.00 | cvss | epss 0.02

    MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.

  • CVE-2012-2102 (Aug 17, 2012)
    risk 0.00 | cvss | epss 0.02

    MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.

  • CVE-2012-1696 (May 3, 2012)
    risk 0.00 | cvss | epss 0.02

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
