Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:oracle:mysql:5.1.2
There are 426 matching records.
Displaying matches 421 through 426.
Vuln ID Summary CVSS Severity
CVE-2007-6303

MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.

Published: December 10, 2007; 4:46:00 PM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2007-6304

The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.

Published: December 10, 2007; 4:46:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-5970

MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.

Published: December 10, 2007; 2:46:00 PM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2007-2692

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

Published: May 15, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2006-4226

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

Published: August 18, 2006; 4:04:00 PM -0400
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2006-3486

** DISPUTED ** Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability.

Published: July 10, 2006; 5:05:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW