CVE Daily
← All tags

Tag: MySQL

All CVEs associated with "MySQL". Page 20/20 • 2289 CVEs.

Subscribe CVEs: RSS for “MySQL”  ·  RSS (High+Critical only)

About “MySQL”

A curated feed of “MySQL”-related CVEs appears below. We currently track 2289 CVEs for this tag (all time). In the last 365 days, 184 were published. Average CVSS is 5.6 (all time; 6.4 over 365d), and 20% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-284 - Improper Access Control.

In our taxonomy this topic maps to a MODERATE impact class. Databases, proxies, and web servers often need coordinated restarts and config checks. Patch only modules you deploy, verify TLS and authentication, and tune limits. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2001-02-09
High

CVE-2001-1454

Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.

CVSS: 7.5 CWE: N/A View on NVD
2001-01-23
High

CVE-2001-1274

Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.

CVSS: 7.5 CWE: N/A View on NVD
2001-01-19
High

CVE-2001-1275

MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via passwor…

CVSS: 7.2 CWE: N/A View on NVD
2001-01-11
High

CVE-2001-1044

Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive in…

CVSS: 7.5 CWE: N/A View on NVD
2000-12-19
High

CVE-2000-0957

The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or h…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2000-0981

MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.

CVSS: 7.2 CWE: N/A View on NVD
2000-02-08
High

CVE-2000-0148

MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.

CVSS: 7.5 CWE: N/A View on NVD
2000-01-11
Medium

CVE-2000-0045

MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.

CVSS: 6.4 CWE: N/A View on NVD
1998-12-27
Medium

CVE-1999-1188

mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.

CVSS: 4.6 CWE: N/A View on NVD