Filtered by vendor Oracle Subscriptions
Filtered by product Mysql Subscriptions
Total 1238 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-20969 3 Netapp, Oracle, Redhat 4 Oncommand Insight, Mysql, Enterprise Linux and 1 more 2024-08-30 5.5 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2024-21165 1 Oracle 1 Mysql 2024-08-28 4.9 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2016-9842 8 Apple, Canonical, Debian and 5 more 22 Iphone Os, Mac Os X, Tvos and 19 more 2024-08-28 8.8 High
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
CVE-2000-0981 1 Oracle 1 Mysql 2024-08-08 N/A
MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.
CVE-2000-0148 1 Oracle 1 Mysql 2024-08-08 N/A
MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.
CVE-2000-0045 1 Oracle 1 Mysql 2024-08-08 N/A
MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.
CVE-2001-1453 1 Oracle 1 Mysql 2024-08-08 N/A
Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter.
CVE-2001-1454 1 Oracle 1 Mysql 2024-08-08 N/A
Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.
CVE-2001-1274 2 Oracle, Redhat 2 Mysql, Linux 2024-08-08 N/A
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
CVE-2001-1255 2 Mysql, Oracle 2 Winmysqladmin, Mysql 2024-08-08 N/A
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.
CVE-2001-1275 2 Oracle, Redhat 2 Mysql, Linux 2024-08-08 N/A
MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
CVE-2001-0407 1 Oracle 1 Mysql 2024-08-08 N/A
Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).
CVE-2002-1921 1 Oracle 1 Mysql 2024-08-08 N/A
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
CVE-2002-1923 1 Oracle 1 Mysql 2024-08-08 N/A
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
CVE-2002-1809 1 Oracle 1 Mysql 2024-08-08 N/A
The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.
CVE-2002-1376 3 Oracle, Redhat, Symantec Veritas 6 Mysql, Enterprise Linux, Linux and 3 more 2024-08-08 N/A
libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2002-1374 3 Oracle, Redhat, Symantec Veritas 5 Mysql, Enterprise Linux, Linux and 2 more 2024-08-08 N/A
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
CVE-2002-1375 3 Oracle, Redhat, Symantec Veritas 5 Mysql, Enterprise Linux, Linux and 2 more 2024-08-08 N/A
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.
CVE-2002-1373 2 Oracle, Redhat 3 Mysql, Enterprise Linux, Linux 2024-08-08 N/A
Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.
CVE-2002-0969 2 Microsoft, Oracle 2 Windows, Mysql 2024-08-08 7.8 High
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.