Filtered by vendor Mariadb
Subscribe
Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-3494 | 2 Amazon, Mariadb | 3 Aurora Mysql, Relational Database Service, Mariadb | 2026-06-17 | N/A | 4.3 MEDIUM |
| In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged. | |||||
| CVE-2025-56404 | 1 Mariadb | 1 Model Context Protocol | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation. | |||||
| CVE-2024-27766 | 1 Mariadb | 1 Mariadb | 2026-06-17 | N/A | 5.7 MEDIUM |
| An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. | |||||
| CVE-2023-5157 | 3 Fedoraproject, Mariadb, Redhat | 12 Fedora, Mariadb, Enterprise Linux and 9 more | 2026-06-17 | N/A | 7.5 HIGH |
| A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. | |||||
| CVE-2023-40354 | 1 Mariadb | 1 Maxscale | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08.8, and 23.02.3. | |||||
| CVE-2023-39593 | 1 Mariadb | 1 Mariadb | 2026-06-17 | N/A | 5.6 MEDIUM |
| Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. | |||||
| CVE-2023-26785 | 1 Mariadb | 1 Mariadb | 2026-06-17 | N/A | 9.8 CRITICAL |
| MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. | |||||
| CVE-2023-22084 | 4 Fedoraproject, Mariadb, Netapp and 1 more | 4 Fedora, Mariadb, Oncommand Insight and 1 more | 2026-06-17 | N/A | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2022-47015 | 1 Mariadb | 1 Mariadb | 2026-06-17 | N/A | 6.5 MEDIUM |
| MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. | |||||
| CVE-2022-38791 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2026-06-17 | N/A | 5.5 MEDIUM |
| In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. | |||||
| CVE-2022-32091 | 3 Debian, Fedoraproject, Mariadb | 3 Debian Linux, Fedora, Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. | |||||
| CVE-2022-32089 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. | |||||
| CVE-2022-32088 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. | |||||
| CVE-2022-32087 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. | |||||
| CVE-2022-32086 | 1 Mariadb | 1 Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. | |||||
| CVE-2022-32085 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. | |||||
| CVE-2022-32084 | 3 Debian, Fedoraproject, Mariadb | 3 Debian Linux, Fedora, Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. | |||||
| CVE-2022-32083 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. | |||||
| CVE-2022-32082 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. | |||||
| CVE-2022-32081 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2026-06-17 | 7.5 HIGH | 7.5 HIGH |
| MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. | |||||