National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:mysql:mysql:3.22.29
There are 43 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2007-2583

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

Published: May 09, 2007; 08:19:00 PM -04:00
    V2: 4.0 MEDIUM
CVE-2007-1420

MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.

Published: March 12, 2007; 07:19:00 PM -04:00
    V2: 2.1 LOW
CVE-2006-4031

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.

Published: August 09, 2006; 06:04:00 PM -04:00
    V2: 2.1 LOW
CVE-2004-0957

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

Published: February 09, 2005; 12:00:00 AM -05:00
    V2: 6.8 MEDIUM
CVE-2004-0835

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

Published: November 03, 2004; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2004-0836

Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).

Published: November 03, 2004; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2004-0837

MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

Published: November 03, 2004; 12:00:00 AM -05:00
    V2: 2.6 LOW
CVE-2004-0457

The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Published: September 28, 2004; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2004-0381

mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.

Published: May 04, 2004; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2003-1331

Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.

Published: December 31, 2003; 12:00:00 AM -05:00
    V2: 4.0 MEDIUM
CVE-2003-1480

MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.

Published: December 31, 2003; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2002-1921

The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1923

The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1373

Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.

Published: December 23, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-1374

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.

Published: December 23, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1375

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

Published: December 23, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-1376

libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Published: December 23, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0407

Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).

Published: June 27, 2001; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2001-1454

Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.

Published: February 09, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1274

Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.

Published: January 23, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH