Vulnerabilities > Mysql > Mysql > 4.1.13

DATE CVE VULNERABILITY TITLE RISK
2015-04-16 CVE-2015-2575 Remote Security vulnerability in Oracle MySQL Connectors
Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.
network
debian suse mysql
4.9
2012-05-03 CVE-2012-1696 Remote MySQL Server vulnerability in Oracle MySQL
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
network
low complexity
mysql oracle
4.0
2011-01-11 CVE-2010-3682 Denial Of Service vulnerability in Oracle MySQL 'EXPLAIN'
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ...
network
low complexity
mysql oracle
4.0
2011-01-11 CVE-2010-3677 Resource Management Errors vulnerability in multiple products
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
network
low complexity
mysql oracle CWE-399
4.0
2010-05-21 CVE-2010-1626 Permissions, Privileges, and Access Controls vulnerability in multiple products
MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
local
low complexity
mysql oracle CWE-264
3.6
2010-05-14 CVE-2010-1621 Permissions, Privileges, and Access Controls vulnerability in Mysql
The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
network
low complexity
mysql CWE-264
5.0
2009-11-30 CVE-2009-4028 Improper Input Validation vulnerability in multiple products
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
network
mysql oracle CWE-20
6.8
2009-07-13 CVE-2009-2446 USE of Externally-Controlled Format String vulnerability in multiple products
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request.
network
mysql oracle CWE-134
8.5
2009-03-05 CVE-2009-0819 Remote Denial Of Service vulnerability in MySQL XPath Expression
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
network
low complexity
mysql oracle
4.0
2008-05-05 CVE-2008-2079 Permissions, Privileges, and Access Controls vulnerability in multiple products
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
network
high complexity
mysql oracle debian canonical CWE-264
4.6