Page 40 of 214 results (0.004 seconds)

CVSS: 5.0EPSS: 2%CPEs: 8EXPL: 0

Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. Vulnerabilidad de doble liberación de memoria (double-free) en mysqld de MySQL anteriores a 3.23.55 permite a atacantes remotos causar una denegación de servicio (caída) mediante mysql_change_user. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743 http://marc.info/?l=bugtraq&m=104385719107879&w=2 http://www.debian.org/security/2003/dsa-303 http://www.iss.net/security_center/static/11199.php http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013 http://www.mysql.com/doc/en/News-3.23.55.html http://www.redhat.com/support/errata/RHSA-2003-093.html http://www.redhat.c •

CVSS: 7.5EPSS: 1%CPEs: 42EXPL: 0

The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. • http://online.securityfocus.com/archive/1/288105 http://www.iss.net/security_center/static/9909.php http://www.securityfocus.com/bid/5513 •

CVSS: 7.5EPSS: 1%CPEs: 42EXPL: 0

The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. • http://online.securityfocus.com/archive/1/288105 http://www.iss.net/security_center/static/9908.php http://www.securityfocus.com/bid/5511 •

CVSS: 7.5EPSS: 2%CPEs: 34EXPL: 2

The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database. • https://www.exploit-db.com/exploits/21725 http://archives.neohapsis.com/archives/bugtraq/2002-08/0185.html http://www.iss.net/security_center/static/9902.php http://www.securityfocus.com/bid/5503 •

CVSS: 5.0EPSS: 7%CPEs: 47EXPL: 0

Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call. Vulnerabilidad de enteros con signo en el paquete COM_TABLE_DUMP de MySQL 3.23.x anteriores a 3.23.54 permite a atacantes remotos causar una denegación de servicio (caída o cuelge) en mysqld proveyendo a una llamada a memcpy() con enteros negativos grandes. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555 http://marc.info/?l=bugtraq&m=103971644013961&w=2 http://marc.info/?l=bugtraq&m=104004857201968&w=2 http://security.e-matters.de/advisories/042002.html http://www.debian.org/security/2002/dsa-212 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087 http://www.novell.com/linux/security/advisories/2003_003_mysql.html http://www.redhat.com/support/errata/RHSA-2002-288.html http://www.redhat&# •