Lucene search

K
OracleMysql3.23.8

16 matches found

CVE
CVE
added 2003/09/22 4:0 a.m.79 views

CVE-2003-0780

Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

9CVSS7.4AI score0.70046EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.74 views

CVE-2000-0045

MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.

6.4CVSS6.4AI score0.0209EPSS
CVE
CVE
added 2006/02/27 11:2 p.m.70 views

CVE-2006-0903

MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_qu...

4.6CVSS6.3AI score0.00236EPSS
CVE
CVE
added 2000/03/22 5:0 a.m.67 views

CVE-2000-0148

MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.

7.5CVSS7.1AI score0.00443EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.64 views

CVE-2002-1809

The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.

7.5CVSS6.8AI score0.08984EPSS
CVE
CVE
added 2005/02/09 5:0 a.m.63 views

CVE-2004-0957

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

6.8CVSS5.9AI score0.00386EPSS
CVE
CVE
added 2004/05/04 4:0 a.m.62 views

CVE-2004-0381

mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.

2.1CVSS5.8AI score0.00132EPSS
CVE
CVE
added 2006/08/09 10:4 p.m.62 views

CVE-2006-4031

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.

2.1CVSS7.8AI score0.00263EPSS
CVE
CVE
added 2012/05/03 10:55 p.m.60 views

CVE-2012-1696

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4CVSS4.2AI score0.00759EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.53 views

CVE-2002-1373

Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.

5CVSS6.3AI score0.03123EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.51 views

CVE-2002-1374

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.

7.5CVSS6.8AI score0.25364EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.47 views

CVE-2002-1375

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

7.5CVSS7.4AI score0.15031EPSS
CVE
CVE
added 2007/10/24 11:0 p.m.46 views

CVE-2003-1480

MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.

4.3CVSS6.6AI score0.16138EPSS
CVE
CVE
added 2002/12/23 5:0 a.m.45 views

CVE-2002-1376

libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

7.5CVSS7.2AI score0.03016EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.44 views

CVE-2002-1921

The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.

7.5CVSS6.7AI score0.00712EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.43 views

CVE-2002-1923

The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.

7.5CVSS6.7AI score0.00712EPSS