Total
413 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-3494 | 2 Amazon, Mariadb | 3 Aurora Mysql, Relational Database Service, Mariadb | 2026-06-17 | N/A | 4.3 MEDIUM |
| In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged. | |||||
| CVE-2024-27766 | 1 Mariadb | 1 Mariadb | 2026-06-17 | N/A | 5.7 MEDIUM |
| An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. | |||||
| CVE-2023-5157 | 3 Fedoraproject, Mariadb, Redhat | 12 Fedora, Mariadb, Enterprise Linux and 9 more | 2026-06-17 | N/A | 7.5 HIGH |
| A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. | |||||
| CVE-2023-39593 | 1 Mariadb | 1 Mariadb | 2026-06-17 | N/A | 5.6 MEDIUM |
| Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. | |||||
| CVE-2023-26785 | 1 Mariadb | 1 Mariadb | 2026-06-17 | N/A | 9.8 CRITICAL |
| MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. | |||||
| CVE-2023-22084 | 4 Fedoraproject, Mariadb, Netapp and 1 more | 4 Fedora, Mariadb, Oncommand Insight and 1 more | 2026-06-17 | N/A | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2022-47015 | 1 Mariadb | 1 Mariadb | 2026-06-17 | N/A | 6.5 MEDIUM |
| MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. | |||||
| CVE-2022-38791 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2026-06-17 | N/A | 5.5 MEDIUM |
| In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. | |||||
| CVE-2022-32091 | 3 Debian, Fedoraproject, Mariadb | 3 Debian Linux, Fedora, Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. | |||||
| CVE-2022-32089 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. | |||||
| CVE-2022-32088 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. | |||||
| CVE-2022-32087 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. | |||||
| CVE-2022-32086 | 1 Mariadb | 1 Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. | |||||
| CVE-2022-32085 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. | |||||
| CVE-2022-32084 | 3 Debian, Fedoraproject, Mariadb | 3 Debian Linux, Fedora, Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. | |||||
| CVE-2022-32083 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. | |||||
| CVE-2022-32082 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. | |||||
| CVE-2022-32081 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2026-06-17 | 7.5 HIGH | 7.5 HIGH |
| MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. | |||||
| CVE-2022-31624 | 1 Mariadb | 1 Mariadb | 2026-06-17 | 2.1 LOW | 5.5 MEDIUM |
| MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. | |||||
| CVE-2022-31623 | 1 Mariadb | 1 Mariadb | 2026-06-17 | 2.1 LOW | 5.5 MEDIUM |
| MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. | |||||