3.22.30 : Security Vulnerabilities

Cpe Name:cpe:/a:mysql:mysql:3.22.30

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : Cve Number Descending Cve Number Ascending CVSS Score Descending Number Of Exploits Descending

Copy Results Download Results Select Table

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2012-3177			2012-10-16	2013-02-07	6.8	None	Remote	Low	Single system	None	None	Complete
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
2	CVE-2012-3166			2012-10-16	2013-02-07	4.0	None	Remote	Low	Single system	None	None	Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
3	CVE-2012-3160			2012-10-16	2013-02-07	2.1	None	Local	Low	Not required	Partial	None	None
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
4	CVE-2012-1697			2012-05-03	2012-12-28	4.0	None	Remote	Low	Single system	None	None	Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
5	CVE-2012-1696			2012-05-03	2012-12-28	4.0	None	Remote	Low	Single system	None	None	Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
6	CVE-2008-4098	59	Bypass	2008-09-18	2012-10-30	4.6	User	Remote	High	Single system	Partial	Partial	Partial
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
7	CVE-2006-4031			2006-08-09	2010-09-15	2.1	None	Local	Low	Not required	Partial	None	None
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
8	CVE-2004-0957			2005-02-09	2008-09-10	6.8	User	Remote	Medium	Not required	Partial	Partial	Partial
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.
9	CVE-2004-0381			2004-05-04	2010-08-21	2.1	None	Local	Low	Not required	None	Partial	None
mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.
10	CVE-2003-1480	310		2003-12-31	2008-09-05	4.3	None	Remote	Medium	Not required	Partial	None	None
MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.
11	CVE-2002-1923			2002-12-31	2008-09-05	7.5	User	Remote	Low	Not required	Partial	Partial	Partial
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
12	CVE-2002-1921			2002-12-31	2008-09-05	7.5	User	Remote	Low	Not required	Partial	Partial	Partial
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
13	CVE-2002-1376		DoS Exec Code	2002-12-23	2008-09-10	7.5	User	Remote	Low	Not required	Partial	Partial	Partial
libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
14	CVE-2002-1375		Exec Code	2002-12-23	2008-09-05	7.5	User	Remote	Low	Not required	Partial	Partial	Partial
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.
15	CVE-2002-1374		+Priv	2002-12-23	2008-09-05	7.5	User	Remote	Low	Not required	Partial	Partial	Partial
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
16	CVE-2002-1373		DoS	2002-12-23	2008-09-10	5.0	None	Remote	Low	Not required	None	None	Partial
Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.
17	CVE-2000-0148		Bypass	2000-02-08	2008-09-10	7.5	User	Remote	Low	Not required	Partial	Partial	Partial
MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.

Total number of vulnerabilities : 17 Page : 1 (This Page)