CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Mysql : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-6500 2014-10-15 2014-11-18
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.
2 CVE-2014-6491 2014-10-15 2014-11-18
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.
3 CVE-2014-0001 119 DoS Exec Code Overflow 2014-01-31 2014-06-30
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
4 CVE-2013-1492 119 Overflow 2013-03-28 2014-02-20
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.
5 CVE-2012-3158 2012-10-16 2014-02-20
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.
6 CVE-2012-0882 119 Exec Code Overflow 2012-12-21 2012-12-21
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
7 CVE-2012-0553 119 Overflow 2013-03-28 2014-02-20
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.
8 CVE-2009-4484 119 1 DoS Exec Code Overflow Mem. Corr. 2009-12-30 2010-03-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
9 CVE-2008-0226 119 Exec Code Overflow 2008-01-10 2008-10-23
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
10 CVE-2007-5969 264 +Priv 2007-12-10 2011-09-01
7.1
None Remote High Single system Complete Complete Complete
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
11 CVE-2006-2753 Exec Code Sql 2006-06-01 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
12 CVE-2005-0111 Exec Code Overflow 2005-01-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter.
13 CVE-2004-0835 2004-11-03 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
14 CVE-2002-1923 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
15 CVE-2002-1921 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
16 CVE-2002-1809 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.
17 CVE-2002-1376 DoS Exec Code 2002-12-23 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
18 CVE-2002-1375 Exec Code 2002-12-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.
19 CVE-2002-1374 +Priv 2002-12-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
20 CVE-2001-1454 Exec Code Overflow 2001-02-09 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.
21 CVE-2001-1453 Exec Code Overflow 2001-02-09 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter.
22 CVE-2001-1275 +Priv 2001-01-19 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
23 CVE-2001-1274 DoS Overflow +Priv 2001-01-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
24 CVE-2000-0981 +Info 2000-12-19 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.
25 CVE-2000-0148 Bypass 2000-02-08 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.
Total number of vulnerabilities : 25   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.