National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:mysql:mysql:3.23.0:alpha
There are 28 matching records.
Displaying matches 21 through 28.
Vuln ID Summary CVSS Severity
CVE-2004-0835

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

Published: November 03, 2004; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2004-0836

Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).

Published: November 03, 2004; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2004-0837

MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

Published: November 03, 2004; 12:00:00 AM -05:00
V2: 2.6 LOW
CVE-2004-0457

The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Published: September 28, 2004; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-0407

Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).

Published: June 27, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1454

Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.

Published: February 09, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1274

Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.

Published: January 23, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2001-1275

MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.

Published: January 19, 2001; 12:00:00 AM -05:00
V2: 7.2 HIGH