Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6731 | 1 Sun | 3 Jdk, Jre, Sdk | 2019-10-09 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2005-2926 | 1 Sco | 1 Openserver | 2019-10-09 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable. | |||||
| CVE-1999-0734 | 1 Cisco | 1 Ciscosecure | 2019-10-09 | 7.5 HIGH | N/A |
| A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication. | |||||
| CVE-2003-1331 | 1 Oracle | 1 Mysql | 2019-10-07 | 4.0 MEDIUM | N/A |
| Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453. | |||||
| CVE-2004-0835 | 3 Debian, Mysql, Oracle | 3 Debian Linux, Mysql, Mysql | 2019-10-07 | 7.5 HIGH | N/A |
| MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities. | |||||
| CVE-2003-0150 | 1 Oracle | 1 Mysql | 2019-10-07 | 9.0 HIGH | N/A |
| MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. | |||||
| CVE-2002-0969 | 1 Oracle | 1 Mysql | 2019-10-07 | 4.6 MEDIUM | N/A |
| Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group. | |||||
| CVE-2002-1373 | 1 Oracle | 1 Mysql | 2019-10-07 | 5.0 MEDIUM | N/A |
| Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call. | |||||
| CVE-2002-1374 | 2 Oracle, Symantec Veritas | 3 Mysql, Netbackup Advanced Reporter, Netbackup Global Data Manager | 2019-10-07 | 7.5 HIGH | N/A |
| The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password. | |||||
| CVE-2002-1376 | 2 Oracle, Symantec Veritas | 3 Mysql, Netbackup Advanced Reporter, Netbackup Global Data Manager | 2019-10-07 | 7.5 HIGH | N/A |
| libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2002-1375 | 2 Oracle, Symantec Veritas | 3 Mysql, Netbackup Advanced Reporter, Netbackup Global Data Manager | 2019-10-07 | 7.5 HIGH | N/A |
| The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response. | |||||
| CVE-2003-0073 | 1 Oracle | 1 Mysql | 2019-10-07 | 5.0 MEDIUM | N/A |
| Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. | |||||
| CVE-2001-0407 | 1 Oracle | 1 Mysql | 2019-10-07 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot). | |||||
| CVE-2001-1453 | 1 Oracle | 1 Mysql | 2019-10-07 | 7.5 HIGH | N/A |
| Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter. | |||||
| CVE-2002-1921 | 1 Oracle | 1 Mysql | 2019-10-07 | 7.5 HIGH | N/A |
| The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. | |||||
| CVE-2002-1809 | 1 Oracle | 1 Mysql | 2019-10-07 | 7.5 HIGH | N/A |
| The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database. | |||||
| CVE-2001-1454 | 1 Oracle | 1 Mysql | 2019-10-07 | 7.5 HIGH | N/A |
| Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request. | |||||
| CVE-2002-1923 | 1 Oracle | 1 Mysql | 2019-10-07 | 7.5 HIGH | N/A |
| The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. | |||||
| CVE-2001-1274 | 1 Oracle | 1 Mysql | 2019-10-07 | 7.5 HIGH | N/A |
| Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges. | |||||
| CVE-2001-1275 | 1 Oracle | 1 Mysql | 2019-10-07 | 7.2 HIGH | N/A |
| MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking. | |||||