MySQL
Source repositories
CVEs (576)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2000-0045 | 0.04 | — | 0.07 | Jan 11, 2000 | MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege. | |||
| CVE-2012-5383 | 0.03 | — | 0.01 | Oct 11, 2012 | Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to… | |||
| CVE-2007-1420 | 0.03 | — | 0.01 | Mar 12, 2007 | MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL… | |||
| CVE-2006-0903 | 0.03 | — | 0.01 | Feb 27, 2006 | MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor… | |||
| CVE-2005-0711 | 0.03 | — | 0.02 | May 2, 2005 | MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack. | |||
| CVE-2003-1480 | 0.03 | — | 0.03 | Dec 31, 2003 | MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods. | |||
| CVE-2001-0407 | 0.03 | — | 0.02 | Jun 27, 2001 | Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot). | |||
| CVE-2001-1274 | 0.03 | — | 0.05 | Jan 23, 2001 | Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges. | |||
| CVE-2010-1850 | 0.02 | — | 0.22 | Jun 8, 2010 | Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. | |||
| CVE-2016-0505 | 0.01 | — | 0.08 | Jan 21, 2016 | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options. | |||
| CVE-2015-4816 | 0.01 | — | 0.07 | Oct 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | |||
| CVE-2015-4757 | 0.01 | — | 0.07 | Jul 16, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | |||
| CVE-2015-2568 | 0.01 | — | 0.07 | Apr 16, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges. | |||
| CVE-2015-0501 | 0.01 | — | 0.10 | Apr 16, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. | |||
| CVE-2015-0411 | 0.01 | — | 0.10 | Jan 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. | |||
| CVE-2015-0391 | 0.01 | — | 0.07 | Jan 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. | |||
| CVE-2015-0382 | 0.01 | — | 0.10 | Jan 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381. | |||
| CVE-2014-6568 | 0.01 | — | 0.07 | Jan 21, 2015 | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. | |||
| CVE-2014-6507 | 0.01 | — | 0.07 | Oct 15, 2014 | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. | |||
| CVE-2014-0001 | 0.01 | — | 0.06 | Jan 31, 2014 | Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string. |
- CVE-2000-0045Jan 11, 2000risk 0.04cvss —epss 0.07
MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.
- CVE-2012-5383Oct 11, 2012risk 0.03cvss —epss 0.01
Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to…
- CVE-2007-1420Mar 12, 2007risk 0.03cvss —epss 0.01
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL…
- CVE-2006-0903Feb 27, 2006risk 0.03cvss —epss 0.01
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor…
- CVE-2005-0711May 2, 2005risk 0.03cvss —epss 0.02
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.
- CVE-2003-1480Dec 31, 2003risk 0.03cvss —epss 0.03
MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.
- CVE-2001-0407Jun 27, 2001risk 0.03cvss —epss 0.02
Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).
- CVE-2001-1274Jan 23, 2001risk 0.03cvss —epss 0.05
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
- CVE-2010-1850Jun 8, 2010risk 0.02cvss —epss 0.22
Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
- CVE-2016-0505Jan 21, 2016risk 0.01cvss —epss 0.08
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.
- CVE-2015-4816Oct 21, 2015risk 0.01cvss —epss 0.07
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
- CVE-2015-4757Jul 16, 2015risk 0.01cvss —epss 0.07
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
- CVE-2015-2568Apr 16, 2015risk 0.01cvss —epss 0.07
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.
- CVE-2015-0501Apr 16, 2015risk 0.01cvss —epss 0.10
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.
- CVE-2015-0411Jan 21, 2015risk 0.01cvss —epss 0.10
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.
- CVE-2015-0391Jan 21, 2015risk 0.01cvss —epss 0.07
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
- CVE-2015-0382Jan 21, 2015risk 0.01cvss —epss 0.10
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.
- CVE-2014-6568Jan 21, 2015risk 0.01cvss —epss 0.07
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.
- CVE-2014-6507Oct 15, 2014risk 0.01cvss —epss 0.07
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.
- CVE-2014-0001Jan 31, 2014risk 0.01cvss —epss 0.06
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
Page 12 of 29