Mysql Security Vulnerabilities and Issues — Mysql CVE List

Lucene search

OracleMysql

11 matches found

CVE•added 2004/11/03 5:0 a.m.•65 views

CVE-2004-0835

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

7.5CVSS6AI score0.03649EPSS

CVE•added 2004/11/03 5:0 a.m.•65 views

CVE-2004-0837

MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

2.6CVSS6.1AI score0.02357EPSS

CVE•added 2004/11/03 5:0 a.m.•60 views

CVE-2004-0836

Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).

10CVSS7.5AI score0.02726EPSS

CVE•added 2004/05/04 4:0 a.m.•59 views

CVE-2004-0381

mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.

2.1CVSS5.8AI score0.00099EPSS

CVE•added 2004/06/01 4:0 a.m.•59 views

CVE-2004-0388

The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack.

2.1CVSS5.9AI score0.00083EPSS

CVE•added 2004/09/01 4:0 a.m.•53 views

CVE-2002-1373

Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.

5CVSS6.3AI score0.03123EPSS

CVE•added 2004/09/01 4:0 a.m.•51 views

CVE-2002-1374

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.

7.5CVSS6.8AI score0.25364EPSS

CVE•added 2004/09/01 4:0 a.m.•49 views

CVE-2003-0073

Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.

5CVSS6.1AI score0.01297EPSS

CVE•added 2004/09/01 4:0 a.m.•47 views

CVE-2002-1375

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

7.5CVSS7.4AI score0.15031EPSS

CVE•added 2004/09/28 4:0 a.m.•46 views

CVE-2004-0457

The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

4.6CVSS5.9AI score0.00109EPSS

CVE•added 2004/09/01 4:0 a.m.•40 views

CVE-2002-0969

Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.

7.8CVSS7.9AI score0.00103EPSS