VYPR

MySQL

by Oracle Corporation

Source repositories

CVEs (576)

  • CVE-2004-0956Jan 10, 2005
    risk 0.00cvss epss 0.04

    MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.

  • CVE-2004-2149Dec 31, 2004
    risk 0.00cvss epss 0.06

    Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders.

  • CVE-2004-0837Nov 3, 2004
    risk 0.00cvss epss 0.05

    MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

  • CVE-2004-0457Sep 28, 2004
    risk 0.00cvss epss 0.01

    The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2004-0388Jun 1, 2004
    risk 0.00cvss epss 0.01

    The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack.

  • CVE-2004-0381May 4, 2004
    risk 0.00cvss epss 0.01

    mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.

  • CVE-2003-1331Dec 31, 2003
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.

  • CVE-2003-0073Feb 19, 2003
    risk 0.00cvss epss 0.03

    Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.

  • CVE-2002-1923Dec 31, 2002
    risk 0.00cvss epss 0.03

    The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.

  • CVE-2002-1921Dec 31, 2002
    risk 0.00cvss epss 0.03

    The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.

  • CVE-2002-1373Dec 23, 2002
    risk 0.00cvss epss 0.04

    Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.

  • CVE-2001-1255Oct 2, 2001
    risk 0.00cvss epss 0.01

    WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.

  • CVE-2001-1275Jan 19, 2001
    risk 0.00cvss epss 0.01

    MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.

  • CVE-2000-0981Dec 19, 2000
    risk 0.00cvss epss 0.02

    MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.

  • CVE-2000-0148Feb 8, 2000
    risk 0.00cvss epss 0.05

    MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.

  • CVE-1999-1188Dec 27, 1998
    risk 0.00cvss epss 0.01

    mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.

Page 29 of 29