Filtered by vendor Mysql
Subscriptions
Total
117 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3780 | 2 Mysql, Redhat | 3 Community Server, Enterprise Linux, Rhel Application Stack | 2025-04-09 | N/A |
| MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol. | ||||
| CVE-2009-0819 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | N/A |
| sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. | ||||
| CVE-2007-5925 | 2 Mysql, Redhat | 3 Mysql, Enterprise Linux, Rhel Application Stack | 2025-04-09 | N/A |
| The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. | ||||
| CVE-2007-5969 | 2 Mysql, Redhat | 5 Community Server, Mysql Enterprise Server, Mysql Server and 2 more | 2025-04-09 | N/A |
| MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. | ||||
| CVE-2007-2691 | 4 Canonical, Debian, Mysql and 1 more | 5 Ubuntu Linux, Debian Linux, Mysql and 2 more | 2025-04-09 | N/A |
| MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. | ||||
| CVE-2007-2692 | 3 Mysql, Oracle, Redhat | 4 Mysql, Mysql, Enterprise Linux and 1 more | 2025-04-09 | N/A |
| The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. | ||||
| CVE-2009-4028 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-09 | N/A |
| The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. | ||||
| CVE-2009-2446 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-09 | N/A |
| Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2942 | 2 Mysql, Mysql-ocaml | 2 Mysql, Mysql-ocaml | 2025-04-09 | N/A |
| The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. | ||||
| CVE-2009-4030 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-09 | N/A |
| MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. | ||||
| CVE-2009-4019 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-09 | N/A |
| mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. | ||||
| CVE-2007-3781 | 2 Mysql, Redhat | 3 Community Server, Enterprise Linux, Rhel Application Stack | 2025-04-09 | N/A |
| MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. | ||||
| CVE-2008-4098 | 5 Canonical, Debian, Mysql and 2 more | 5 Ubuntu Linux, Debian Linux, Mysql and 2 more | 2025-04-09 | N/A |
| MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. | ||||
| CVE-2008-0226 | 6 Apple, Canonical, Debian and 3 more | 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more | 2025-04-09 | N/A |
| Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. | ||||
| CVE-2007-2693 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | N/A |
| MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement. | ||||
| CVE-2007-6304 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-09 | N/A |
| The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns. | ||||
| CVE-2008-4456 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67. | ||||
| CVE-2007-1420 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-09 | N/A |
| MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. | ||||
| CVE-2007-6313 | 1 Mysql | 1 Mysql Community Server | 2025-04-09 | N/A |
| MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements. | ||||
| CVE-2006-1516 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-03 | N/A |
| The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. | ||||