| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2012-3177 | | | | 2012-10-16 | 2019-10-07 | 6.8 | None | Remote | Low | Single system | None | None | Complete | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server. |
| 2 | CVE-2012-3166 | | | | 2012-10-16 | 2019-10-07 | 4.0 | None | Remote | Low | Single system | None | None | Partial | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB. |
| 3 | CVE-2012-3160 | | | | 2012-10-16 | 2019-10-07 | 2.1 | None | Local | Low | Not required | Partial | None | None | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation. |
| 4 | CVE-2012-1697 | | | | 2012-05-03 | 2019-10-07 | 4.0 | None | Remote | Low | Single system | None | None | Partial | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. |
| 5 | CVE-2012-1696 | | | | 2012-05-03 | 2019-10-07 | 4.0 | None | Remote | Low | Single system | None | None | Partial | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. |
| 6 | CVE-2006-4031 | | | | 2006-08-09 | 2019-10-07 | 2.1 | None | Local | Low | Not required | Partial | None | None | MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. |
| 7 | CVE-2006-0903 | | | Bypass | 2006-02-27 | 2019-10-07 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. |
| 8 | CVE-2004-0957 | | | | 2005-02-09 | 2019-10-07 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial | Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities. |
| 9 | CVE-2004-0837 | | | DoS | 2004-11-03 | 2019-10-07 | 2.6 | None | Remote | High | Not required | None | None | Partial | MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs. |
| 10 | CVE-2004-0836 | 119 | | DoS Exec Code Overflow | 2004-11-03 | 2019-10-07 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length). |
| 11 | CVE-2004-0835 | | | | 2004-11-03 | 2019-10-07 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities. |
| 12 | CVE-2004-0381 | | | | 2004-05-04 | 2019-10-07 | 2.1 | None | Local | Low | Not required | None | Partial | None | mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file. |
| 13 | CVE-2003-1480 | 310 | | | 2003-12-31 | 2019-10-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods. |
| 14 | CVE-2003-0780 | | | Exec Code Overflow | 2003-09-22 | 2019-10-07 | 9.0 | Admin | Remote | Low | Single system | Complete | Complete | Complete | Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field. |
| 15 | CVE-2002-1923 | | | | 2002-12-31 | 2019-10-07 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. |
| 16 | CVE-2002-1921 | | | | 2002-12-31 | 2019-10-07 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does not set the bind address to the loopback interface, which allows remote attackers to connect to the database. |
| 17 | CVE-2002-1809 | | | | 2002-12-31 | 2019-10-07 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database. |
| 18 | CVE-2002-1376 | | | DoS Exec Code | 2002-12-23 | 2019-10-07 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| 19 | CVE-2002-1375 | | | Exec Code | 2002-12-23 | 2019-10-07 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response. |
| 20 | CVE-2002-1374 | | | +Priv | 2002-12-23 | 2019-10-07 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password. |
| 21 | CVE-2002-1373 | | | DoS | 2002-12-23 | 2019-10-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call. |