VYPR

MySQL

by MySQL

Source repositories

CVEs (133)

  • CVE-2004-2149Dec 31, 2004
    risk 0.00cvss epss 0.06

    Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders.

  • CVE-2004-0837Nov 3, 2004
    risk 0.00cvss epss 0.05

    MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

  • CVE-2004-0388Jun 1, 2004
    risk 0.00cvss epss 0.01

    The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack.

  • CVE-2004-0381May 4, 2004
    risk 0.00cvss epss 0.01

    mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.

  • CVE-2003-1331Dec 31, 2003
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.

  • CVE-2003-0073Feb 19, 2003
    risk 0.00cvss epss 0.03

    Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.

  • CVE-2002-1921Dec 31, 2002
    risk 0.00cvss epss 0.03

    The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.

  • CVE-2002-1923Dec 31, 2002
    risk 0.00cvss epss 0.03

    The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.

  • CVE-2002-1373Dec 23, 2002
    risk 0.00cvss epss 0.04

    Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.

  • CVE-2001-1275Jan 19, 2001
    risk 0.00cvss epss 0.01

    MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.

  • CVE-2000-0981Dec 19, 2000
    risk 0.00cvss epss 0.02

    MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.

  • CVE-2000-0148Feb 8, 2000
    risk 0.00cvss epss 0.05

    MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.

  • CVE-1999-1188Dec 27, 1998
    risk 0.00cvss epss 0.01

    mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.

Page 7 of 7