| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-3177 |
|
|
|
2012-10-16 |
2013-02-07 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server. |
|
2 |
CVE-2012-3166 |
|
|
|
2012-10-16 |
2013-02-07 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB. |
|
3 |
CVE-2012-3160 |
|
|
|
2012-10-16 |
2013-02-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation. |
|
4 |
CVE-2012-1697 |
|
|
|
2012-05-03 |
2012-12-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. |
|
5 |
CVE-2012-1696 |
|
|
|
2012-05-03 |
2012-12-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. |
|
6 |
CVE-2009-2446 |
134 |
|
DoS |
2009-07-13 |
2013-01-22 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. |
|
7 |
CVE-2008-4098 |
59 |
|
Bypass |
2008-09-18 |
2012-10-30 |
4.6 |
User |
Remote |
High |
Single system |
Partial |
Partial |
Partial |
|
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. |
|
8 |
CVE-2007-2691 |
|
|
|
2007-05-15 |
2012-11-05 |
4.9 |
None |
Remote |
Medium |
Single system |
None |
Partial |
Partial |
|
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. |
|
9 |
CVE-2006-4226 |
|
|
|
2006-08-18 |
2010-09-15 |
3.6 |
None |
Remote |
High |
Single system |
Partial |
Partial |
None |
|
MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. |
|
10 |
CVE-2006-4031 |
|
|
|
2006-08-09 |
2010-09-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. |
|
11 |
CVE-2006-1517 |
|
|
+Info |
2006-05-05 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. |
|
12 |
CVE-2006-1516 |
|
|
|
2006-05-05 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. |
|
13 |
CVE-2004-0628 |
|
|
DoS Exec Code Overflow |
2004-12-06 |
2008-09-05 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string. |
|
14 |
CVE-2004-0627 |
|
|
Bypass |
2004-12-06 |
2008-09-05 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string. |
