Mysql@5.0.10 Security Vulnerabilities and Issues — Mysql@5.0.10 CVE List

Lucene search

MysqlMysql5.0.10

9 matches found

CVE•added 2006/06/01 5:2 p.m.•99 views

CVE-2006-2753

SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is ...

7.5CVSS8.4AI score0.04606EPSS

CVE•added 2006/05/05 12:46 p.m.•88 views

CVE-2006-1518

Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.

6.5CVSS7.5AI score0.35581EPSS

CVE•added 2006/07/21 2:3 p.m.•74 views

CVE-2006-3469

Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted pr...

4CVSS7.2AI score0.27044EPSS

CVE•added 2006/05/05 12:46 p.m.•72 views

CVE-2006-1516

The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.

5CVSS7.8AI score0.622EPSS

CVE•added 2006/02/27 11:2 p.m.•70 views

CVE-2006-0903

MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_qu...

4.6CVSS6.3AI score0.00236EPSS

CVE•added 2006/05/05 12:46 p.m.•70 views

CVE-2006-1517

sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.

5CVSS7.6AI score0.03978EPSS

CVE•added 2006/08/18 8:4 p.m.•69 views

CVE-2006-4226

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

3.6CVSS7.6AI score0.00563EPSS

CVE•added 2006/08/09 10:4 p.m.•62 views

CVE-2006-4031

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.

2.1CVSS7.8AI score0.00263EPSS

CVE•added 2006/07/10 9:5 p.m.•55 views

CVE-2006-3486

Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overf...

2.1CVSS6.8AI score0.00102EPSS