Search Parameters:
- Contains Software Flaws (CVE)
- CPE Product Version: cpe:/a:mysql:mysql:6.0.0
There are 7 matching records.
| Vuln ID |
Summary |
CVSS Severity |
CVE-2008-7247
|
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.
Published:
November 30, 2009; 12:30:00 PM -05:00
|
V2: 6.0 MEDIUM
|
CVE-2009-0819
|
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
Published:
March 04, 2009; 09:30:00 PM -05:00
|
V2: 4.0 MEDIUM
|
CVE-2008-3963
|
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.
Published:
September 10, 2008; 09:13:47 PM -04:00
|
V2: 4.0 MEDIUM
|
CVE-2008-2079
|
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
Published:
May 05, 2008; 12:20:00 PM -04:00
|
V2: 4.6 MEDIUM
|
CVE-2007-6303
|
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
Published:
December 10, 2007; 04:46:00 PM -05:00
|
V2: 3.5 LOW
|
CVE-2007-6304
|
The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
Published:
December 10, 2007; 04:46:00 PM -05:00
|
V2: 5.0 MEDIUM
|
CVE-2007-5970
|
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
Published:
December 10, 2007; 02:46:00 PM -05:00
|
V2: 5.8 MEDIUM
|