Mysql Security Vulnerabilities and Issues — Mysql CVE List

Lucene search

OracleMysql

16 matches found

CVE•added 2011/01/11 8:0 p.m.•242 views

CVE-2010-3677

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.

4CVSS5AI score0.01562EPSS

CVE•added 2011/01/11 8:0 p.m.•237 views

CVE-2010-3682

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_...

4CVSS5AI score0.02058EPSS

CVE•added 2011/01/14 7:1 p.m.•207 views

CVE-2010-3833

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CR...

5CVSS5.4AI score0.09612EPSS

CVE•added 2011/01/14 7:2 p.m.•190 views

CVE-2010-3838

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the fun...

4CVSS5.2AI score0.01238EPSS

CVE•added 2011/01/14 7:2 p.m.•179 views

CVE-2010-3836

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.

4CVSS5.1AI score0.01029EPSS

CVE•added 2011/01/14 7:2 p.m.•178 views

CVE-2010-3834

Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignme...

4CVSS5.1AI score0.01043EPSS

CVE•added 2011/01/14 7:2 p.m.•172 views

CVE-2010-3837

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified i...

4CVSS5.2AI score0.00972EPSS

CVE•added 2011/01/11 8:0 p.m.•84 views

CVE-2010-3681

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.

4CVSS5.6AI score0.05412EPSS

CVE•added 2011/01/11 8:0 p.m.•83 views

CVE-2010-3680

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.

4CVSS5.6AI score0.05112EPSS

CVE•added 2011/01/14 7:2 p.m.•81 views

CVE-2010-3835

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be...

4CVSS5.2AI score0.01238EPSS

CVE•added 2011/01/11 8:0 p.m.•73 views

CVE-2010-3683

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.

4CVSS6.2AI score0.07998EPSS

CVE•added 2011/01/11 8:0 p.m.•71 views

CVE-2010-3678

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

4CVSS5.7AI score0.06053EPSS

CVE•added 2011/01/11 8:0 p.m.•66 views

CVE-2010-3679

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.

4CVSS5.7AI score0.0455EPSS

CVE•added 2011/01/14 7:2 p.m.•65 views

CVE-2010-3840

The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line po...

4CVSS5.8AI score0.00972EPSS

CVE•added 2011/01/14 7:2 p.m.•61 views

CVE-2010-3839

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.

4CVSS5.8AI score0.01122EPSS

CVE•added 2011/01/11 8:0 p.m.•55 views

CVE-2010-3676

storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executin...

4CVSS5.6AI score0.03068EPSS