Oracle

Mysql

1431 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 74.58%
  • Veröffentlicht 22.09.2003 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:02:49

Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

Exploit
  • EPSS 44.83%
  • Veröffentlicht 24.03.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:01:39

MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by mod...

  • EPSS 2.99%
  • Veröffentlicht 19.02.2003 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:01:27

Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.

Exploit
  • EPSS 16.12%
  • Veröffentlicht 31.12.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:00:01

The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.

  • EPSS 2.53%
  • Veröffentlicht 31.12.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:00:18

The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.

  • EPSS 2.53%
  • Veröffentlicht 31.12.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:00:18

The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.

  • EPSS 3.64%
  • Veröffentlicht 23.12.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:59:12

Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.

Exploit
  • EPSS 20.45%
  • Veröffentlicht 23.12.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:59:12

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the fi...

  • EPSS 23.51%
  • Veröffentlicht 23.12.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:59:12

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

  • EPSS 6.79%
  • Veröffentlicht 23.12.2002 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:59:12

libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and po...