Vulnerabilities > Mysql
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-12-10 | CVE-2007-6304 | Privilege Escalation And Denial Of Service vulnerability in MySQL Server The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns. | 5.0 |
| 2007-12-10 | CVE-2007-6303 | Privilege Escalation And Denial Of Service vulnerability in MySQL Server MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. | 3.5 |
| 2007-11-10 | CVE-2007-5925 | Improper Input Validation vulnerability in Mysql The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. | 4.0 |
| 2007-07-15 | CVE-2007-3782 | Permissions, Privileges, and Access Controls vulnerability in Mysql Community Server 5.0.41/5.0.44 MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. | 3.5 |
| 2007-07-15 | CVE-2007-3781 | Denial of Service vulnerability in Mysql Community Server 5.0.41/5.0.44 MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. | 4.0 |
| 2007-07-15 | CVE-2007-3780 | Improper Input Validation vulnerability in Mysql Community Server 5.0.41 MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol. | 5.0 |
| 2007-05-16 | CVE-2007-2693 | Information Disclosure vulnerability in MySQL Alter Table Function MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement. | 3.5 |
| 2007-05-16 | CVE-2007-2692 | Privilege Escalation vulnerability in MySQL Security Invoker The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. | 6.0 |
| 2007-05-16 | CVE-2007-2691 | MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. | 4.9 |
| 2007-03-12 | CVE-2007-1420 | Remote Denial Of Service vulnerability in MySQL Single Row SubSelect MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. | 2.1 |