Total
1325 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1921 | 1 Oracle | 1 Mysql | 2025-04-03 | 7.5 HIGH | N/A |
| The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. | |||||
| CVE-2002-0969 | 2 Microsoft, Oracle | 2 Windows, Mysql | 2025-04-03 | 4.6 MEDIUM | 7.8 HIGH |
| Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group. | |||||
| CVE-2005-2572 | 1 Oracle | 1 Mysql | 2025-04-03 | 8.5 HIGH | N/A |
| MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll. | |||||
| CVE-2001-1255 | 2 Mysql, Oracle | 2 Winmysqladmin, Mysql | 2025-04-03 | 4.6 MEDIUM | N/A |
| WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database. | |||||
| CVE-2004-0381 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 2.1 LOW | N/A |
| mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file. | |||||
| CVE-2004-0957 | 6 Openpkg, Oracle, Redhat and 3 more | 7 Openpkg, Mysql, Enterprise Linux and 4 more | 2025-04-03 | 6.8 MEDIUM | N/A |
| Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities. | |||||
| CVE-2003-1331 | 1 Oracle | 1 Mysql | 2025-04-03 | 4.0 MEDIUM | N/A |
| Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453. | |||||
| CVE-2004-0956 | 3 Oracle, Suse, Ubuntu | 3 Mysql, Suse Linux, Ubuntu Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote. | |||||
| CVE-2003-0150 | 1 Oracle | 1 Mysql | 2025-04-03 | 9.0 HIGH | N/A |
| MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. | |||||
| CVE-2006-0903 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 4.6 MEDIUM | N/A |
| MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. | |||||
| CVE-2006-3486 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 2.1 LOW | N/A |
| Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability | |||||
| CVE-2004-0836 | 2 Debian, Oracle | 2 Debian Linux, Mysql | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length). | |||||
| CVE-2006-1517 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 5.0 MEDIUM | N/A |
| sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. | |||||
| CVE-2004-0837 | 3 Debian, Mysql, Oracle | 3 Debian Linux, Mysql, Mysql | 2025-04-03 | 2.6 LOW | N/A |
| MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs. | |||||
| CVE-2003-0073 | 1 Oracle | 1 Mysql | 2025-04-03 | 5.0 MEDIUM | N/A |
| Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. | |||||
| CVE-2002-1373 | 1 Oracle | 1 Mysql | 2025-04-03 | 5.0 MEDIUM | N/A |
| Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call. | |||||
| CVE-2001-1274 | 1 Oracle | 1 Mysql | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges. | |||||
| CVE-2002-1376 | 2 Oracle, Symantec Veritas | 3 Mysql, Netbackup Advanced Reporter, Netbackup Global Data Manager | 2025-04-03 | 7.5 HIGH | N/A |
| libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2004-0835 | 3 Debian, Mysql, Oracle | 3 Debian Linux, Mysql, Mysql | 2025-04-03 | 7.5 HIGH | N/A |
| MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities. | |||||
| CVE-2006-0369 | 1 Oracle | 1 Mysql | 2025-04-03 | 2.1 LOW | N/A |
| MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access | |||||