U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:oracle:mysql:4.1.20:*:*:*:*:*:*:*
There are 172 matching records.
Displaying matches 161 through 172.
Vuln ID Summary CVSS Severity
CVE-2012-3149

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.

Published: October 16, 2012; 7:55:03 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2012-3147

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client.

Published: October 16, 2012; 7:55:03 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2012-3144

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.

Published: October 16, 2012; 7:55:03 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2012-4452

MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6.

Published: October 09, 2012; 7:55:05 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2012-1696

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Published: May 03, 2012; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2012-0583

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.

Published: May 03, 2012; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2010-2008

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

Published: July 13, 2010; 4:30:01 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2009-2446

Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.

Published: July 13, 2009; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 8.5 HIGH
CVE-2007-2583

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

Published: May 09, 2007; 8:19:00 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2006-4226

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

Published: August 18, 2006; 4:04:00 PM -0400
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2006-4031

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.

Published: August 09, 2006; 6:04:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2006-3469

Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.

Published: July 21, 2006; 10:03:00 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM