Mysql : Security Vulnerabilities, CVEs, Published In 2007 CVSS score >= 5
The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
Max CVSS
5.0
EPSS Score
1.41%
Published
2007-12-10
Updated
2019-12-17
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
Max CVSS
7.1
EPSS Score
2.01%
Published
2007-12-10
Updated
2018-10-15
MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.
Max CVSS
5.0
EPSS Score
84.76%
Published
2007-07-15
Updated
2018-10-15
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
Max CVSS
6.0
EPSS Score
1.45%
Published
2007-05-16
Updated
2019-12-17
4 vulnerabilities found