CVE Daily
← All tags

Tag: MySQL

All CVEs associated with "MySQL". Page 10/20 • 2289 CVEs.

Subscribe CVEs: RSS for “MySQL”  ·  RSS (High+Critical only)

About “MySQL”

A curated feed of “MySQL”-related CVEs appears below. We currently track 2289 CVEs for this tag (all time). In the last 365 days, 184 were published. Average CVSS is 5.6 (all time; 6.4 over 365d), and 20% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-284 - Improper Access Control.

In our taxonomy this topic maps to a MODERATE impact class. Databases, proxies, and web servers often need coordinated restarts and config checks. Patch only modules you deploy, verify TLS and authentication, and tune limits. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2020-07-15
Medium

CVE-2020-14567

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerab…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-14559

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Ea…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2020-14553

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulne…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2020-14550

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vu…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2020-14547

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerabil…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-14540

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability al…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-14539

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily expl…

CVSS: 6.5 CWE: N/A View on NVD
2020-07-07
Critical

CVE-2020-8521

SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Critical

CVE-2020-8520

SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Critical

CVE-2020-8519

SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2020-06-30
High

CVE-2020-9483

**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache Sk…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2019-19163

A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an unauthenticated adjacent attacker to execute arbitrary code, because of a using the old version of MySQL.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2020-06-29
Medium

CVE-2020-15319

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree.

CVSS: 5.9 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Medium

CVE-2020-15318

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree.

CVSS: 5.9 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2020-06-01
High

CVE-2020-13694

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2020-05-20
High

CVE-2020-13249

libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code s…

CVSS: 8.8 CWE: N/A View on NVD
2020-05-14
Medium

CVE-2019-13021

The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passw…

CVSS: 6.5 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
2020-05-07
Critical

CVE-2019-18868

Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak.

CVSS: 9.8 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
2020-04-20
Medium

CVE-2020-11010

In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only…

CVSS: 6.3 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2020-04-15
Medium

CVE-2020-2934

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerabil…

CVSS: 5.0 CWE: N/A View on NVD
Low

CVE-2020-2933

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privi…

CVSS: 2.2 CWE: N/A View on NVD
Medium

CVE-2020-2930

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privil…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2020-2928

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2926

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability all…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2020-2925

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged a…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2924

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2923

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Low

CVE-2020-2922

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vu…

CVSS: 3.7 CWE: N/A View on NVD
Medium

CVE-2020-2921

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2020-2904

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2903

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2901

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2898

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged atta…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2897

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2896

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows h…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2895

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attac…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2893

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attac…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2892

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2875

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerabil…

CVSS: 4.7 CWE: N/A View on NVD
Medium

CVE-2020-2853

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2814

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vul…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2812

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2806

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.28 and prior. Difficult to exploit vulnerability allows low priv…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2020-2804

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult t…

CVSS: 5.9 CWE: N/A View on NVD
Medium

CVE-2020-2790

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.28 and prior. Easily exploitable vulnerability allows low p…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2020-2780

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitabl…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2020-2779

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2774

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2770

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privile…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2768

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.3.28 and prior, 7.4.27 and prior, 7.5.17 and prior, 7.6.13 and pri…

CVSS: 6.3 CWE: N/A View on NVD
Medium

CVE-2020-2765

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerabil…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2763

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily ex…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2762

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attac…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2761

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2760

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-2759

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high pri…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2752

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vu…

CVSS: 5.3 CWE: N/A View on NVD
2020-04-06
Critical

CVE-2020-11545

Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id pa…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2020-03-19
High

CVE-2019-16065

A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, exp…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2020-03-17
Medium

CVE-2019-20495

cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531).

CVSS: 6.5 CWE: N/A View on NVD
2020-03-05
Critical

CVE-2020-10106

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database an…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2020-03-02
Medium

CVE-2019-18901

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers…

CVSS: 5.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-02-14
High

CVE-2020-8611

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gai…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2020-02-12
High

CVE-2020-5399

Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL da…

CVSS: 7.4 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2020-02-07
High

CVE-2020-1708

It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them mo…

CVSS: 7.0 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2020-02-04
High

CVE-2020-7221

mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-01-31
Medium

CVE-2020-8505

School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.

CVSS: 6.5 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2020-8504

School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.

CVSS: 6.5 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2020-01-15
Low

CVE-2020-2694

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows…

CVSS: 3.1 CWE: N/A View on NVD
Medium

CVE-2020-2686

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privil…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2020-2679

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2660

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerabil…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2627

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privilege…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2020-2589

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2588

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2584

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerabil…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2020-2580

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2579

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily expl…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2020-2577

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2020-2574

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vu…

CVSS: 5.9 CWE: N/A View on NVD
Medium

CVE-2020-2573

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows…

CVSS: 5.9 CWE: N/A View on NVD
Low

CVE-2020-2572

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnera…

CVSS: 2.7 CWE: N/A View on NVD
Medium

CVE-2020-2570

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows…

CVSS: 5.9 CWE: N/A View on NVD
2020-01-09
High

CVE-2020-5504

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2019-11-26
Critical

CVE-2011-1939

SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2019-11-12
Medium

CVE-2010-4177

mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.

CVSS: 5.5 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2019-11-06
Medium

CVE-2010-4178

MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console

CVSS: 5.5 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
2019-10-31
Critical

CVE-2019-18465

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Critical

CVE-2019-18464

In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2019-10-29
Critical

CVE-2019-10748

Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects.

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2019-10-17
Critical

CVE-2019-10752

Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON quer…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2019-10-16
Medium

CVE-2019-3018

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged att…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2019-3011

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2019-3009

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high pr…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2019-3004

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privilege…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2019-3003

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attac…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2019-2998

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2019-2997

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2019-2993

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerabilit…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2019-2991

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.017 and prior. Easily exploitable vulnerability allows high privil…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2019-2982

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2019-2974

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily expl…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2019-2969

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploi…

CVSS: 6.2 CWE: N/A View on NVD
Medium

CVE-2019-2968

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attac…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2019-2967

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privil…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2019-2966

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privil…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2019-2963

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attac…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2019-2960

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerab…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2019-2957

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2019-2950

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privi…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2019-2948

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerabil…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2019-2946

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability all…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2019-2938

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allow…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2019-2924

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2019-2923

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2019-2922

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2019-2920

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 5.3.13 and prior and 8.0.17 and prior. Easily exploitable vulnerabi…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2019-2914

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable…

CVSS: 6.5 CWE: N/A View on NVD
Low

CVE-2019-2911

Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exp…

CVSS: 2.7 CWE: N/A View on NVD
Low

CVE-2019-2910

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Difficult to explo…

CVSS: 3.7 CWE: N/A View on NVD