Mysql

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-6304 2Mysql Oracle 2Mysql Mysql Apr 23, 2026 Dec 10, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated hand...Show more The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.Show less
CVE-2007-6303 2Mysql Oracle 2Mysql Mysql Apr 23, 2026 Dec 10, 2007 N/A· v4 N/A· v3 3.5 LOW· v2 MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of s...Show more MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.Show less
CVE-2007-5969 1Mysql 3Community Server Mysql Enterprise ServerMysql Server Apr 23, 2026 Dec 10, 2007 N/A· v4 N/A· v3 7.1 HIGH· v2 MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and IN...Show more MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.Show less
CVE-2007-5925 1Mysql 1Mysql Apr 23, 2026 Nov 10, 2007 N/A· v4 N/A· v3 4.0 MEDIUM· v2 The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS oper...Show more The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.Show less
CVE-2007-3782 1Mysql 1Community Server Apr 23, 2026 Jul 15, 2007 N/A· v4 N/A· v3 3.5 LOW· v2 MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
CVE-2007-3781 1Mysql 1Community Server Apr 23, 2026 Jul 15, 2007 N/A· v4 N/A· v3 4.0 MEDIUM· v2 MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the t...Show more MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.Show less
CVE-2007-3780 1Mysql 1Community Server Apr 23, 2026 Jul 15, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.
CVE-2007-2693 2Mysql Oracle 2Mysql Mysql Apr 23, 2026 May 16, 2007 N/A· v4 N/A· v3 3.5 LOW· v2 MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.
CVE-2007-2692 2Mysql Oracle 2Mysql Mysql Apr 23, 2026 May 16, 2007 N/A· v4 N/A· v3 6.0 MEDIUM· v2 The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated use...Show more The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.Show less
CVE-2007-2691 3Canonical DebianMysql 3Debian Linux MysqlUbuntu Linux Apr 23, 2026 May 16, 2007 N/A· v4 N/A· v3 4.9 MEDIUM· v2 MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
CVE-2007-1420 2Mysql Oracle 2Mysql Mysql Apr 23, 2026 Mar 12, 2007 N/A· v4 N/A· v3 2.1 LOW· v2 MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure...Show more MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.Show less
CVE-2006-7232 2Canonical Mysql 2Mysql Ubuntu Linux Apr 23, 2026 Dec 31, 2006 N/A· v4 N/A· v3 3.5 LOW· v2 sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstr...Show more sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.Show less
CVE-2006-4305 2Mysql Sap Db 2Maxdb Sap Db Apr 16, 2026 Aug 30, 2006 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.
CVE-2006-4380 1Mysql 1Mysql Apr 16, 2026 Aug 28, 2006 N/A· v4 N/A· v3 2.1 LOW· v2 MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.
CVE-2006-4227 2Mysql Oracle 2Mysql Mysql Apr 16, 2026 Aug 18, 2006 N/A· v4 N/A· v3 6.5 MEDIUM· v2 MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges...Show more MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.Show less
CVE-2006-4226 2Mysql Oracle 2Mysql Mysql Apr 16, 2026 Aug 18, 2006 N/A· v4 N/A· v3 3.6 LOW· v2 MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a d...Show more MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.Show less
CVE-2006-4031 2Mysql Oracle 2Mysql Mysql Apr 16, 2026 Aug 9, 2006 N/A· v4 N/A· v3 2.1 LOW· v2 MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate inten...Show more MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.Show less
CVE-2006-3469 2Mysql Oracle 2Mysql Mysql Apr 16, 2026 Jul 21, 2006 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the fir...Show more Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.Show less
CVE-2006-3486 2Mysql Oracle 2Mysql Mysql Apr 16, 2026 Jul 10, 2006 N/A· v4 N/A· v3 2.1 LOW· v2 Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial o...Show more Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerabilityShow less
CVE-2006-3081 2Mysql Oracle 2Mysql Mysql Apr 16, 2026 Jun 19, 2006 N/A· v4 N/A· v3 4.0 MEDIUM· v2 mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.

Previous 1 2 345 6 Next