Vulnerabilities > Oracle > Mysql > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-1923 | Unspecified vulnerability in Oracle Mysql The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. | 7.5 |
| 2002-12-31 | CVE-2002-1921 | Unspecified vulnerability in Oracle Mysql The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. | 7.5 |
| 2002-12-31 | CVE-2002-1809 | Unspecified vulnerability in Oracle Mysql The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database. | 7.5 |
| 2002-12-23 | CVE-2002-1376 | Buffer Overflow vulnerability in MySQL libmysqlclient Library Read_Rows libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. | 7.5 |
| 2002-12-23 | CVE-2002-1375 | The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response. | 7.5 |
| 2002-12-23 | CVE-2002-1374 | The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password. | 7.5 |
| 2002-10-11 | CVE-2002-0969 | Classic Buffer Overflow vulnerability in Oracle Mysql Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group. | 7.8 |
| 2001-02-09 | CVE-2001-1454 | Unspecified vulnerability in Oracle Mysql Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request. | 7.5 |
| 2001-02-09 | CVE-2001-1453 | Unspecified vulnerability in Oracle Mysql 3.23.32 Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter. | 7.5 |
| 2001-01-23 | CVE-2001-1274 | Unspecified vulnerability in Oracle Mysql Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges. | 7.5 |