Mysql

mysql

Vendor: Oracle • 1,328 CVEs

CVEs (1,328)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2004-0836 2Debian Oracle 2Debian Linux Mysql Apr 16, 2026 Nov 3, 2004 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a...Show more Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).Show less
CVE-2004-0835 3Debian MysqlOracle 3Debian Linux MysqlMysql Apr 16, 2026 Nov 3, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could all...Show more MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.Show less
CVE-2004-0457 1Oracle 1Mysql Apr 16, 2026 Sep 28, 2004 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2004-0388 1Oracle 1Mysql Apr 16, 2026 Jun 1, 2004 N/A· v4 N/A· v3 2.1 LOW· v2 The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack.
CVE-2004-0381 2Mysql Oracle 2Mysql Mysql Apr 16, 2026 May 4, 2004 N/A· v4 N/A· v3 2.1 LOW· v2 mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.
CVE-2003-1480 2Mysql Oracle 2Mysql Mysql Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 4.3 MEDIUM· v2 MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.
CVE-2003-1331 1Oracle 1Mysql Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerabilit...Show more Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.Show less
CVE-2003-0780 3Conectiva MysqlOracle 3Linux MysqlMysql Apr 16, 2026 Sep 22, 2003 N/A· v4 N/A· v3 9.0 HIGH· v2 Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.
CVE-2003-0150 1Oracle 1Mysql Apr 16, 2026 Mar 24, 2003 N/A· v4 N/A· v3 9.0 HIGH· v2 MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon r...Show more MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.Show less
CVE-2003-0073 1Oracle 1Mysql Apr 16, 2026 Feb 19, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.
CVE-2002-1923 1Oracle 1Mysql Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
CVE-2002-1921 1Oracle 1Mysql Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
CVE-2002-1809 1Oracle 1Mysql Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.
CVE-2002-1376 2Oracle Symantec Veritas 3Mysql Netbackup Advanced ReporterNetbackup Global Data Manager Apr 16, 2026 Dec 23, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to ca...Show more libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.Show less
CVE-2002-1375 2Oracle Symantec Veritas 3Mysql Netbackup Advanced ReporterNetbackup Global Data Manager Apr 16, 2026 Dec 23, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.
CVE-2002-1374 2Oracle Symantec Veritas 3Mysql Netbackup Advanced ReporterNetbackup Global Data Manager Apr 16, 2026 Dec 23, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the pr...Show more The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.Show less
CVE-2002-1373 1Oracle 1Mysql Apr 16, 2026 Dec 23, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided...Show more Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.Show less
CVE-2002-0969 1Oracle 1Mysql Apr 16, 2026 Oct 11, 2002 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, who...Show more Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.Show less
CVE-2001-1255 2Mysql Oracle 2Mysql Winmysqladmin Apr 16, 2026 Oct 2, 2001 N/A· v4 N/A· v3 4.6 MEDIUM· v2 WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.
CVE-2001-0407 1Oracle 1Mysql Apr 16, 2026 Jun 27, 2001 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).

Previous 1...63 64 656667 Next