Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mysql
(Oracle)| Repositories |
• https://github.com/madler/zlib
• https://github.com/mysql/mysql-server • https://github.com/MariaDB/server |
| #Vulnerabilities | 1297 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2002-12-23 | CVE-2002-1375 | The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response. | Mysql, Netbackup_advanced_reporter, Netbackup_global_data_manager | N/A | ||
| 2002-12-23 | CVE-2002-1374 | The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password. | Mysql, Netbackup_advanced_reporter, Netbackup_global_data_manager | N/A | ||
| 2002-12-23 | CVE-2002-1373 | Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call. | Mysql | N/A | ||
| 2001-02-09 | CVE-2001-1454 | Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request. | Mysql | N/A | ||
| 2001-02-09 | CVE-2001-1453 | Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter. | Mysql | N/A | ||
| 2001-01-19 | CVE-2001-1275 | MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking. | Mysql | N/A | ||
| 2001-01-23 | CVE-2001-1274 | Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges. | Mysql | N/A | ||
| 2001-10-02 | CVE-2001-1255 | WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database. | Winmysqladmin, Mysql | N/A | ||
| 2001-06-27 | CVE-2001-0407 | Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot). | Mysql | N/A | ||
| 2000-12-19 | CVE-2000-0981 | MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password. | Mysql | N/A |