Search Results (Refine Search)
- CPE Product Version: cpe:/a:oracle:mysql:5.1.45
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-3682 |
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function. Published: January 11, 2011; 3:00:01 PM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2010-3681 |
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure. Published: January 11, 2011; 3:00:01 PM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2010-3680 |
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure. Published: January 11, 2011; 3:00:01 PM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2010-3679 |
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind. Published: January 11, 2011; 3:00:01 PM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2010-3678 |
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier. Published: January 11, 2011; 3:00:01 PM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2010-3677 |
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column. Published: January 11, 2011; 3:00:01 PM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2010-3676 |
storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement. Published: January 11, 2011; 3:00:01 PM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2010-2008 |
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory. Published: July 13, 2010; 4:30:01 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2010-1850 |
Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. Published: June 07, 2010; 8:30:01 PM -0400 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2010-1849 |
The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length. Published: June 07, 2010; 8:30:01 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-1848 |
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name. Published: June 07, 2010; 8:30:01 PM -0400 |
V3.x:(not available) V2.0: 6.5 MEDIUM |