| Max CVSS | 8.5 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-4030 | 4.4 |
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks
|
13-02-2023 - 02:20 | 30-11-2009 - 17:30 | |
| CVE-2008-4098 | 4.6 |
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and
|
17-12-2019 - 20:26 | 18-09-2008 - 15:04 | |
| CVE-2010-1848 | 6.5 |
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tab
|
17-12-2019 - 20:26 | 08-06-2010 - 00:30 | |
| CVE-2009-2446 | 8.5 |
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other
|
17-12-2019 - 20:26 | 13-07-2009 - 17:30 | |
| CVE-2010-3840 | 4.0 |
The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a
|
17-12-2019 - 20:23 | 14-01-2011 - 19:02 | |
| CVE-2010-3681 | 4.0 |
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an as
|
17-12-2019 - 20:23 | 11-01-2011 - 20:00 | |
| CVE-2006-3469 | 4.0 |
Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_forma
|
17-12-2019 - 20:16 | 21-07-2006 - 14:03 | |
| CVE-2006-4031 | 2.1 |
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. This vuln
|
17-12-2019 - 20:16 | 09-08-2006 - 22:04 | |
| CVE-2008-4456 | 2.6 |
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by
|
17-12-2019 - 19:56 | 06-10-2008 - 23:25 | |
| CVE-2008-2079 | 4.6 |
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY argume
|
17-12-2019 - 15:25 | 05-05-2008 - 16:20 | |
| CVE-2007-2691 | 4.9 |
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. The vendor has released a product update to address
|
19-10-2018 - 19:00 | 16-05-2007 - 01:19 |