Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:oracle:mysql:4.1.19:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-3149 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client. Published: October 16, 2012; 7:55:03 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2012-3147 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client. Published: October 16, 2012; 7:55:03 PM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2012-3144 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server. Published: October 16, 2012; 7:55:03 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2012-4452 |
MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6. Published: October 09, 2012; 7:55:05 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2012-1696 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Published: May 03, 2012; 6:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2012-0583 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM. Published: May 03, 2012; 6:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2010-2008 |
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory. Published: July 13, 2010; 4:30:01 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2009-2446 |
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information. Published: July 13, 2009; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 8.5 HIGH |
CVE-2007-2583 |
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. Published: May 09, 2007; 8:19:00 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2006-4226 |
MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. Published: August 18, 2006; 4:04:00 PM -0400 |
V3.x:(not available) V2.0: 3.6 LOW |
CVE-2006-4031 |
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. Published: August 09, 2006; 6:04:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2006-3469 |
Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message. Published: July 21, 2006; 10:03:00 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2006-2753 |
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input. Published: June 01, 2006; 1:02:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-0903 |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. Published: February 27, 2006; 6:02:00 PM -0500 |
V3.x:(not available) V2.0: 4.6 MEDIUM |