MySQL
by MySQL
CVEs (133)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-2149 | | | 0.00 | — | 0.06 | | Dec 31, 2004 | Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders. |
| CVE-2004-0837 | | | 0.00 | — | 0.05 | | Nov 3, 2004 | MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs. |
| CVE-2004-0388 | | | 0.00 | — | 0.01 | | Jun 1, 2004 | The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2004-0381 | | | 0.00 | — | 0.01 | | May 4, 2004 | mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file. |
| CVE-2003-1331 | | | 0.00 | — | 0.03 | | Dec 31, 2003 | Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453. |
| CVE-2003-0073 | | | 0.00 | — | 0.03 | | Feb 19, 2003 | Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. |
| CVE-2002-1921 | | | 0.00 | — | 0.03 | | Dec 31, 2002 | The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. |
| CVE-2002-1923 | | | 0.00 | — | 0.03 | | Dec 31, 2002 | The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. |
| CVE-2002-1373 | | | 0.00 | — | 0.04 | | Dec 23, 2002 | Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call. |
| CVE-2001-1275 | | | 0.00 | — | 0.01 | | Jan 19, 2001 | MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking. |
| CVE-2000-0981 | | | 0.00 | — | 0.02 | | Dec 19, 2000 | MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password. |
| CVE-2000-0148 | | | 0.00 | — | 0.05 | | Feb 8, 2000 | MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string. |
| CVE-1999-1188 | | | 0.00 | — | 0.01 | | Dec 27, 1998 | mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database. |
Page 7 of 7