Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mysql
(Oracle)| Repositories |
• https://github.com/madler/zlib
• https://github.com/mysql/mysql-server • https://github.com/MariaDB/server |
| #Vulnerabilities | 1239 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2003-03-24 | CVE-2003-0150 | MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. | Mysql | N/A | ||
| 2003-02-19 | CVE-2003-0073 | Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. | Mysql | N/A | ||
| 2002-12-31 | CVE-2002-1923 | The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. | Mysql | N/A | ||
| 2002-12-31 | CVE-2002-1921 | The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. | Mysql | N/A | ||
| 2002-12-31 | CVE-2002-1809 | The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database. | Mysql | N/A | ||
| 2002-12-23 | CVE-2002-1376 | libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. | Mysql, Netbackup_advanced_reporter, Netbackup_global_data_manager | N/A | ||
| 2002-12-23 | CVE-2002-1375 | The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response. | Mysql, Netbackup_advanced_reporter, Netbackup_global_data_manager | N/A | ||
| 2002-12-23 | CVE-2002-1374 | The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password. | Mysql, Netbackup_advanced_reporter, Netbackup_global_data_manager | N/A | ||
| 2002-12-23 | CVE-2002-1373 | Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call. | Mysql | N/A | ||
| 2001-02-09 | CVE-2001-1454 | Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request. | Mysql | N/A |