Oracle MySQL vulnerabilities

CVE-2004-0835 [HIGH] CVE-2004-0835: MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CR MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

CVE-2004-0837 [LOW] CVE-2004-0837: MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (cras MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.

CVE-2004-0457 [MEDIUM] CVE-2004-0457: The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVE-2004-0388 [LOW] CVE-2004-0388: The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attac The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack.

CVE-2004-0381 [LOW] CVE-2004-0381: mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.

CVE-2003-1480 [MEDIUM] CWE-310 CVE-2003-1480: MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attac MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.

CVE-2003-1331 [MEDIUM] CVE-2003-1331: Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysql Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.

CVE-2003-0780 [CRITICAL] CVE-2003-0780: Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

CVE-2003-0150 [CRITICAL] CVE-2003-0150: MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileg MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.

CVE-2003-0073 [MEDIUM] CVE-2003-0073: Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to c Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.

CVE-2002-1923 [HIGH] CVE-2002-1923: The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have l The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.

CVE-2002-1809 [HIGH] CVE-2002-1809: The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL r The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.

CVE-2002-1921 [HIGH] CVE-2002-1921: The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bi The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.

CVE-2002-1374 [HIGH] CVE-2002-1374: The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attacke The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.

CVE-2002-1376 [HIGH] CVE-2002-1376: libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify le libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVE-2002-1375 [HIGH] CVE-2002-1375: The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers t The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

CVE-2002-1373 [MEDIUM] CVE-2002-1373: Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows re Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.

CVE-2002-0969 [HIGH] CWE-120 CVE-2002-0969: Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 plat Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.

CVE-2001-1255 [MEDIUM] CVE-2001-1255: WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local use WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.

CVE-2001-0407 [MEDIUM] CVE-2001-0407: Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary fil Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).