CVE-2008-0226
- EPSS 91.6%
- Veröffentlicht 10.01.2008 23:46:00
- Zuletzt bearbeitet 16.06.2026 22:49:10
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yass...
CVE-2007-6303
- EPSS 2.23%
- Veröffentlicht 10.12.2007 21:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:47
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE S...
- EPSS 2.96%
- Veröffentlicht 10.12.2007 21:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:47
The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) vi...
CVE-2007-5970
- EPSS 2.13%
- Veröffentlicht 10.12.2007 19:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:09
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned tabl...
- EPSS 1.9%
- Veröffentlicht 16.05.2007 01:19:00
- Zuletzt bearbeitet 16.06.2026 22:40:07
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
CVE-2007-2693
- EPSS 1.79%
- Veröffentlicht 16.05.2007 01:19:00
- Zuletzt bearbeitet 16.06.2026 22:40:08
MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.
- EPSS 11.31%
- Veröffentlicht 10.05.2007 00:19:00
- Zuletzt bearbeitet 16.06.2026 22:39:52
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL poin...
CVE-2007-1420
- EPSS 0.99%
- Veröffentlicht 12.03.2007 23:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:33
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialize...
CVE-2006-4226
- EPSS 2.73%
- Veröffentlicht 18.08.2006 20:04:00
- Zuletzt bearbeitet 16.06.2026 22:28:40
MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have pe...
CVE-2006-4227
- EPSS 11.76%
- Veröffentlicht 18.08.2006 20:04:00
- Zuletzt bearbeitet 16.06.2026 22:28:40
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has bee...