Vulnerabilities > Mysql

DATE CVE VULNERABILITY TITLE RISK
2017-10-27 CVE-2017-15945 Incorrect Permission Assignment FOR Critical Resource vulnerability in multiple products
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
local
low complexity
mariadb mysql gentoo CWE-732
7.2
2017-08-05 CVE-2017-12419 Information Exposure vulnerability in Mantisbt 2.5.2
If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in php.ini mysqli.allow_local_infile, or the MySQL client config file, depending on the PHP setup), an attacker may take advantage of MySQL's "connect file read" feature to remotely access files on the MantisBT server.
network
low complexity
mantisbt mariadb mysql CWE-200
4.0
2015-04-16 CVE-2015-2575 Remote Security vulnerability in Oracle MySQL Connectors
Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.
network
debian suse mysql
4.9
2014-01-15 CVE-2014-0437 Remote Security vulnerability in Oracle MySQL Server
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
network
mysql oracle
3.5
2014-01-15 CVE-2014-0412 Remote Security vulnerability in Oracle MySQL Server
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
network
low complexity
mysql oracle
4.0
2014-01-15 CVE-2014-0402 Remote Security vulnerability in Oracle MySQL Server
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.
network
low complexity
mysql oracle
4.0
2014-01-15 CVE-2014-0401 Remote Security vulnerability in Oracle MySQL Server
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.
network
low complexity
oracle mysql
4.0
2014-01-15 CVE-2014-0393 Remote Security vulnerability in Oracle MySQL Server
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.
network
low complexity
oracle mysql
3.3
2014-01-15 CVE-2014-0386 Remote Security vulnerability in Oracle MySQL Server
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
network
low complexity
oracle mysql
4.0
2014-01-15 CVE-2013-5908 Remote Security vulnerability in Oracle MySQL Server
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.
network
high complexity
mysql oracle
2.6