Vendor CVEs
MySQL
All CVEs
177 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-1636 | | | 0.00 | — | 0.01 | | May 17, 2005 | mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents. |
| CVE-2005-0083 | | | 0.00 | — | 0.01 | | May 2, 2005 | MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3)… |
| CVE-2005-1274 | | | 0.00 | — | 0.04 | | Apr 26, 2005 | Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter. |
| CVE-2005-0004 | | | 0.00 | — | 0.01 | | Apr 14, 2005 | The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. |
| CVE-2005-0082 | | | 0.00 | — | 0.01 | | Apr 14, 2005 | The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via invalid parameters to the WebDAV handler code, which triggers a null dereference that causes the SAP DB Web Agent to… |
| CVE-2005-0081 | | | 0.00 | — | 0.02 | | Apr 14, 2005 | MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via an HTTP request with invalid headers. |
| CVE-2005-0799 | | | 0.00 | — | 0.03 | | Mar 15, 2005 | MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN. |
| CVE-2004-0957 | | | 0.00 | — | 0.02 | | Feb 9, 2005 | Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities. |
| CVE-2005-0111 | | | 0.00 | — | 0.04 | | Jan 13, 2005 | Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter. |
| CVE-2004-0956 | | | 0.00 | — | 0.04 | | Jan 10, 2005 | MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote. |
| CVE-2004-1169 | | | 0.00 | — | 0.01 | | Jan 10, 2005 | MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference. |
| CVE-2004-1168 | | | 0.00 | — | 0.05 | | Jan 10, 2005 | Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header. |
| CVE-2004-0931 | | | 0.00 | — | 0.02 | | Dec 31, 2004 | MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function. |
| CVE-2004-2149 | | | 0.00 | — | 0.06 | | Dec 31, 2004 | Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders. |
| CVE-2004-0837 | | | 0.00 | — | 0.05 | | Nov 3, 2004 | MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs. |
| CVE-2004-0388 | | | 0.00 | — | 0.01 | | Jun 1, 2004 | The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2004-0381 | | | 0.00 | — | 0.01 | | May 4, 2004 | mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file. |
| CVE-2003-1331 | | | 0.00 | — | 0.03 | | Dec 31, 2003 | Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453. |
| CVE-2003-0073 | | | 0.00 | — | 0.03 | | Feb 19, 2003 | Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. |
| CVE-2002-1923 | | | 0.00 | — | 0.03 | | Dec 31, 2002 | The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. |
| CVE-2002-1921 | | | 0.00 | — | 0.03 | | Dec 31, 2002 | The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. |
| CVE-2002-1373 | | | 0.00 | — | 0.04 | | Dec 23, 2002 | Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call. |
| CVE-2001-1255 | | | 0.00 | — | 0.01 | | Oct 2, 2001 | WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unauthorized access to the MySQL database. |
| CVE-2001-1275 | | | 0.00 | — | 0.01 | | Jan 19, 2001 | MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking. |
| CVE-2000-0981 | | | 0.00 | — | 0.02 | | Dec 19, 2000 | MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password. |
| CVE-2000-0148 | | | 0.00 | — | 0.05 | | Feb 8, 2000 | MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string. |
| CVE-1999-1188 | | | 0.00 | — | 0.01 | | Dec 27, 1998 | mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database. |