CVSS: 5.0EPSS: 2%CPEs: 8EXPL: 0CVE-2003-0073
https://notcve.org/view.php?id=CVE-2003-0073
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. Vulnerabilidad de doble liberación de memoria (double-free) en mysqld de MySQL anteriores a 3.23.55 permite a atacantes remotos causar una denegación de servicio (caída) mediante mysql_change_user. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743 http://marc.info/?l=bugtraq&m=104385719107879&w=2 http://www.debian.org/security/2003/dsa-303 http://www.iss.net/security_center/static/11199.php http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013 http://www.mysql.com/doc/en/News-3.23.55.html http://www.redhat.com/support/errata/RHSA-2003-093.html http://www.redhat.c •
CVSS: 7.5EPSS: 2%CPEs: 34EXPL: 2CVE-2002-1809 – MySQL 3.20.32/3.22.x/3.23.x - Null Root Password Weak Default Configuration
https://notcve.org/view.php?id=CVE-2002-1809
The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database. • https://www.exploit-db.com/exploits/21725 http://archives.neohapsis.com/archives/bugtraq/2002-08/0185.html http://www.iss.net/security_center/static/9902.php http://www.securityfocus.com/bid/5503 •
CVSS: 7.5EPSS: 1%CPEs: 42EXPL: 0CVE-2002-1921
https://notcve.org/view.php?id=CVE-2002-1921
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. • http://online.securityfocus.com/archive/1/288105 http://www.iss.net/security_center/static/9908.php http://www.securityfocus.com/bid/5511 •
CVSS: 7.5EPSS: 1%CPEs: 42EXPL: 0CVE-2002-1923
https://notcve.org/view.php?id=CVE-2002-1923
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. • http://online.securityfocus.com/archive/1/288105 http://www.iss.net/security_center/static/9909.php http://www.securityfocus.com/bid/5513 •
CVSS: 7.5EPSS: 2%CPEs: 62EXPL: 2CVE-2002-1374 – MySQL 3.23.x/4.0.x - 'COM_CHANGE_USER' Password Length Account
https://notcve.org/view.php?id=CVE-2002-1374
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password. El comando COM_CHANGE_USER en MySQL 3.x anterirores de 3.23.54 y 4.x anteriores a 4.0.5 permite a atacantes remotos ganar privilegios mediante un ataque de fuerza bruta usando una contraseña de un carácter, lo que hace que MySQL compare la contraseña suministrada sólo con el primer carácter de la contraseña real. • https://www.exploit-db.com/exploits/22084 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555 http://marc.info/?l=bugtraq&m=103971644013961&w=2 http://marc.info/?l=bugtraq&m=104004857201968&w=2 http://marc.info/?l=bugtraq&m=104005886114500&w=2 http://security.e-matters.de/advisories/042002.html http://www.debian.org/security/2002/dsa-212 http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html http://www.mandrakesoft.com/security/advisories? •