U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:oracle:mysql:5.1.2
There are 286 matching records.
Displaying matches 281 through 286.
Vuln ID Summary CVSS Severity
CVE-2007-6304

The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.

Published: December 10, 2007; 4:46:00 PM -0500 		V3.x:(not available)
 V2.0: 5.0 MEDIUM
CVE-2007-5970

MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.

Published: December 10, 2007; 2:46:00 PM -0500 		V3.x:(not available)
 V2.0: 5.8 MEDIUM
CVE-2007-2692

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

Published: May 15, 2007; 9:19:00 PM -0400 		V3.x:(not available)
 V2.0: 6.0 MEDIUM
CVE-2007-2583

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

Published: May 09, 2007; 8:19:00 PM -0400 		V3.x:(not available)
 V2.0: 4.0 MEDIUM
CVE-2006-4226

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

Published: August 18, 2006; 4:04:00 PM -0400 		V3.x:(not available)
 V2.0: 3.6 LOW
CVE-2006-3486

Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability

Published: July 10, 2006; 5:05:00 PM -0400 		V3.x:(not available)
 V2.0: 2.1 LOW