| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-1506 | | | | 2013-04-17 | 2013-04-17 | 2.8 | None | Remote | Medium | Multiple systems | None | None | Partial | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking. |
| 2 | CVE-2012-3160 | | | | 2012-10-16 | 2013-02-07 | 2.1 | None | Local | Low | Not required | Partial | None | None | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation. |
| 3 | CVE-2012-0493 | | | | 2012-01-18 | 2012-01-24 | 2.1 | None | Remote | High | Single system | None | None | Partial | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495. |
| 4 | CVE-2012-0492 | | | | 2012-01-18 | 2012-01-30 | 2.1 | None | Remote | High | Single system | None | None | Partial | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485. |
| 5 | CVE-2008-4456 | 79 | | XSS | 2008-10-06 | 2013-01-22 | 2.6 | None | Remote | High | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67. |
| 6 | CVE-2007-1420 | | | DoS | 2007-03-12 | 2011-09-01 | 2.1 | None | Local | Low | Not required | None | None | Partial | MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. |
| 7 | CVE-2006-4380 | | | DoS | 2006-08-28 | 2010-09-15 | 2.1 | None | Local | Low | Not required | None | None | Partial | MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. |
| 8 | CVE-2006-4031 | | | | 2006-08-09 | 2010-09-15 | 2.1 | None | Local | Low | Not required | Partial | None | None | MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. |
| 9 | CVE-2006-3486 | | | DoS Overflow | 2006-07-10 | 2008-09-05 | 2.1 | None | Local | Low | Not required | None | None | Partial | ** DISPUTED ** Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability. |
| 10 | CVE-2006-0369 | 200 | | +Info | 2006-01-22 | 2008-09-05 | 2.1 | None | Local | Low | Not required | Partial | None | None | ** DISPUTED ** MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access. |
| 11 | CVE-2005-0711 | | | | 2005-05-02 | 2010-08-21 | 2.1 | None | Local | Low | Not required | None | Partial | None | MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack. |
| 12 | CVE-2004-0837 | | | DoS | 2004-11-03 | 2008-09-10 | 2.6 | None | Remote | High | Not required | None | None | Partial | MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs. |
| 13 | CVE-2004-0388 | | | | 2004-06-01 | 2010-08-21 | 2.1 | None | Local | Low | Not required | None | Partial | None | The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack. |
| 14 | CVE-2004-0381 | | | | 2004-05-04 | 2010-08-21 | 2.1 | None | Local | Low | Not required | None | Partial | None | mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file. |