Vulnerabilities > Mysql > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-01-11 | CVE-2010-3680 | Denial Of Service vulnerability in Oracle MySQL 'TEMPORARY InnoDB' Tables Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure. | 4.0 |
| 2011-01-11 | CVE-2010-3679 | Resource Management Errors vulnerability in multiple products Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind. | 4.0 |
| 2011-01-11 | CVE-2010-3678 | Resource Management Errors vulnerability in multiple products Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier. | 4.0 |
| 2011-01-11 | CVE-2010-3677 | Resource Management Errors vulnerability in multiple products Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column. | 4.0 |
| 2011-01-11 | CVE-2010-3676 | Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.49 'DDL' Statements storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement. | 4.0 |
| 2010-06-08 | CVE-2010-1850 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. | 6.0 |
| 2010-06-08 | CVE-2010-1849 | The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length. | 5.0 |
| 2010-06-08 | CVE-2010-1848 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. | 6.5 |
| 2010-05-14 | CVE-2010-1621 | Permissions, Privileges, and Access Controls vulnerability in Mysql The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command. | 5.0 |
| 2009-11-30 | CVE-2009-4028 | Improper Input Validation vulnerability in multiple products The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. | 6.8 |