MysqlCVEs & Vulnerabilities

112 CVEs affecting Mysql products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

mysql 1,167maxdb 53mysql community server 48eventum 16community server 9mysql server 6mysql enterprise server 1winmysqladmin 1
CVE-2005-1274CRITICAL

Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter.

26 Apr 2005
10.0
CVSS
CVE-2005-0684CRITICALpoc

Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.

25 Apr 2005
10.0
CVSS
CVE-2005-0081MEDIUM

MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via an HTTP request with invalid headers.

14 Apr 2005
5.0
CVSS
CVE-2005-0082MEDIUM

The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via invalid parameters to the WebDAV handler code, which triggers a null dereference that causes the SAP DB Web Agent to crash.

14 Apr 2005
5.0
CVSS
CVE-2005-0111HIGH

Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter.

13 Jan 2005
7.5
CVSS
CVE-2004-1168CRITICAL

Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header.

10 Jan 2005
10.0
CVSS
CVE-2004-1169MEDIUM

MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference.

10 Jan 2005
5.0
CVSS
CVE-2004-0931MEDIUM

MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function.

31 Dec 2004
5.0
CVSS
CVE-2004-0628CRITICAL

Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.

6 Dec 2004
10.0
CVSS
CVE-2004-0627CRITICALpoc

The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.

6 Dec 2004
10.0
CVSS
CVE-2004-0837LOW

MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

3 Nov 2004
2.6
CVSS
CVE-2004-0835HIGHpoc

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

3 Nov 2004
7.5
CVSS
CVE-2004-0381LOW

mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.

4 May 2004
2.1
CVSS
CVE-2003-1480MEDIUMpoc

MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.

31 Dec 2003
4.3
CVSS
CVE-2003-0780CRITICALpoc

Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

22 Sep 2003
9.0
CVSS
CVE-2001-1255MEDIUM

WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.

2 Oct 2001
4.6
CVSS
← PrevPage 3 / 3Next →