Mysql Security Vulnerabilities and Issues — Mysql CVE List

Lucene search

OracleMysql

7 matches found

CVE•added 2009/07/13 5:30 p.m.•733 views

CVE-2009-2446

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a databas...

8.5CVSS9.4AI score0.04393EPSS

CVE•added 2009/11/30 5:30 p.m.•340 views

CVE-2009-4028

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificat...

6.8CVSS5.9AI score0.01585EPSS

CVE•added 2009/03/05 2:30 a.m.•318 views

CVE-2009-0819

sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.

4CVSS6.3AI score0.04498EPSS

CVE•added 2009/11/30 5:30 p.m.•216 views

CVE-2008-7247

sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or ...

6CVSS8.9AI score0.00247EPSS

CVE•added 2009/11/30 5:30 p.m.•203 views

CVE-2009-4019

mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote aut...

4CVSS8.7AI score0.07665EPSS

CVE•added 2009/12/30 9:30 p.m.•124 views

CVE-2009-4484

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code ...

7.5CVSS7.7AI score0.72085EPSS

CVE•added 2009/11/30 5:30 p.m.•117 views

CVE-2009-4030

MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a futur...

4.4CVSS9.2AI score0.00564EPSS