Filtered by vendor Oracle
Subscriptions
Filtered by product Mysql
Subscriptions
Total
1331 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1374 | 3 Oracle, Redhat, Symantec Veritas | 5 Mysql, Enterprise Linux, Linux and 2 more | 2025-04-03 | N/A |
| The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password. | ||||
| CVE-2006-1518 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | N/A |
| Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values. | ||||
| CVE-2004-0381 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-03 | N/A |
| mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file. | ||||
| CVE-2005-2573 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | N/A |
| The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character. | ||||
| CVE-2002-1923 | 1 Oracle | 1 Mysql | 2025-04-03 | N/A |
| The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. | ||||
| CVE-2006-0903 | 3 Mysql, Oracle, Redhat | 4 Mysql, Mysql, Enterprise Linux and 1 more | 2025-04-03 | N/A |
| MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. | ||||
| CVE-2006-4031 | 3 Mysql, Oracle, Redhat | 4 Mysql, Mysql, Enterprise Linux and 1 more | 2025-04-03 | N/A |
| MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. | ||||
| CVE-2006-3081 | 3 Mysql, Oracle, Redhat | 4 Mysql, Mysql, Enterprise Linux and 1 more | 2025-04-03 | N/A |
| mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. | ||||
| CVE-2005-0709 | 3 Mysql, Oracle, Redhat | 4 Mysql, Mysql, Enterprise Linux and 1 more | 2025-04-03 | N/A |
| MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit. | ||||
| CVE-2001-1454 | 1 Oracle | 1 Mysql | 2025-04-03 | N/A |
| Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request. | ||||
| CVE-2001-1453 | 1 Oracle | 1 Mysql | 2025-04-03 | N/A |
| Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter. | ||||
| CVE-2006-1516 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-03 | N/A |
| The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. | ||||
| CVE-2001-1255 | 2 Mysql, Oracle | 2 Winmysqladmin, Mysql | 2025-04-03 | N/A |
| WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database. | ||||
| CVE-2006-1517 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-03 | N/A |
| sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. | ||||
| CVE-2005-0799 | 1 Oracle | 1 Mysql | 2025-04-03 | N/A |
| MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN. | ||||
| CVE-2002-1375 | 3 Oracle, Redhat, Symantec Veritas | 5 Mysql, Enterprise Linux, Linux and 2 more | 2025-04-03 | N/A |
| The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response. | ||||
| CVE-2002-1376 | 3 Oracle, Redhat, Symantec Veritas | 6 Mysql, Enterprise Linux, Linux and 3 more | 2025-04-03 | N/A |
| libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. | ||||
| CVE-2004-2149 | 1 Oracle | 1 Mysql | 2025-04-03 | N/A |
| Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders. | ||||
| CVE-2002-0969 | 2 Microsoft, Oracle | 2 Windows, Mysql | 2025-04-03 | 7.8 High |
| Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group. | ||||
| CVE-2004-0388 | 2 Oracle, Redhat | 2 Mysql, Enterprise Linux | 2025-04-03 | N/A |
| The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack. | ||||