Filtered by vendor Oracle
Subscriptions
Filtered by product Mysql
Subscriptions
Total
1331 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4226 | 3 Mysql, Oracle, Redhat | 4 Mysql, Mysql, Enterprise Linux and 1 more | 2026-04-16 | N/A |
| MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. | ||||
| CVE-2002-1923 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. | ||||
| CVE-2003-1331 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453. | ||||
| CVE-2002-1921 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. | ||||
| CVE-2005-2572 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll. | ||||
| CVE-2006-3486 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2026-04-16 | N/A |
| Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability | ||||
| CVE-2005-0799 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN. | ||||
| CVE-2001-0407 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot). | ||||
| CVE-2006-4031 | 3 Mysql, Oracle, Redhat | 4 Mysql, Mysql, Enterprise Linux and 1 more | 2026-04-16 | N/A |
| MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. | ||||
| CVE-2004-0956 | 3 Oracle, Suse, Ubuntu | 3 Mysql, Suse Linux, Ubuntu Linux | 2026-04-16 | N/A |
| MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote. | ||||
| CVE-2004-2149 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders. | ||||
| CVE-2002-1374 | 3 Oracle, Redhat, Symantec Veritas | 5 Mysql, Enterprise Linux, Linux and 2 more | 2026-04-16 | N/A |
| The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password. | ||||
| CVE-2002-1809 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database. | ||||
| CVE-2000-0148 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string. | ||||
| CVE-2001-1453 | 1 Oracle | 1 Mysql | 2026-04-16 | N/A |
| Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter. | ||||
| CVE-2001-1275 | 2 Oracle, Redhat | 2 Mysql, Linux | 2026-04-16 | N/A |
| MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking. | ||||
| CVE-2004-0837 | 4 Debian, Mysql, Oracle and 1 more | 5 Debian Linux, Mysql, Mysql and 2 more | 2026-04-16 | N/A |
| MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs. | ||||
| CVE-2004-0457 | 2 Oracle, Redhat | 2 Mysql, Enterprise Linux | 2026-04-16 | N/A |
| The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2005-0710 | 3 Mysql, Oracle, Redhat | 4 Mysql, Mysql, Enterprise Linux and 1 more | 2026-04-16 | N/A |
| MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function. | ||||
| CVE-2002-0969 | 2 Microsoft, Oracle | 2 Windows, Mysql | 2026-04-16 | 7.8 High |
| Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group. | ||||