National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:mysql:mysql:3.22.29
There are 40 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2004-0957

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

Published: February 09, 2005; 12:00:00 AM -05:00
V2: 6.8 MEDIUM
CVE-2004-0835

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

Published: November 03, 2004; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2004-0836

Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).

Published: November 03, 2004; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2004-0837

MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

Published: November 03, 2004; 12:00:00 AM -05:00
V2: 2.6 LOW
CVE-2004-0457

The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Published: September 28, 2004; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2004-0381

mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.

Published: May 04, 2004; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2003-1331

Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.

Published: December 31, 2003; 12:00:00 AM -05:00
V2: 4.0 MEDIUM
CVE-2003-1480

MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.

Published: December 31, 2003; 12:00:00 AM -05:00
V2: 4.3 MEDIUM
CVE-2002-1921

The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.

Published: December 31, 2002; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2002-1923

The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.

Published: December 31, 2002; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2002-1373

Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.

Published: December 23, 2002; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2002-1374

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.

Published: December 23, 2002; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2002-1375

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

Published: December 23, 2002; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2002-1376

libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Published: December 23, 2002; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-0407

Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1454

Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.

Published: February 09, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1274

Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.

Published: January 23, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1275

MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.

Published: January 19, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH
CVE-2000-0148

MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.

Published: February 08, 2000; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2000-0045

MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.

Published: January 11, 2000; 12:00:00 AM -05:00
V2: 6.4 MEDIUM