Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Mariadb Subscribe
Total 401 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0641 6 Debian, Ibm, Mariadb and 3 more 7 Debian Linux, Powerkvm, Mariadb and 4 more 2019-12-27 4.9 MEDIUM 5.1 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.
CVE-2016-0640 6 Debian, Ibm, Mariadb and 3 more 7 Debian Linux, Powerkvm, Mariadb and 4 more 2019-12-27 4.9 MEDIUM 6.1 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.
CVE-2016-0644 6 Debian, Ibm, Mariadb and 3 more 7 Debian Linux, Powerkvm, Mariadb and 4 more 2019-12-27 4.0 MEDIUM 5.5 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.
CVE-2016-0616 6 Canonical, Debian, Mariadb and 3 more 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more 2019-12-27 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2016-0609 6 Canonical, Debian, Mariadb and 3 more 16 Ubuntu Linux, Debian Linux, Mariadb and 13 more 2019-12-27 1.7 LOW N/A
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.
CVE-2016-3521 5 Canonical, Debian, Ibm and 2 more 6 Ubuntu Linux, Debian Linux, Powerkvm and 3 more 2019-12-27 6.8 MEDIUM 6.5 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.
CVE-2016-5444 4 Ibm, Mariadb, Oracle and 1 more 11 Powerkvm, Mariadb, Linux and 8 more 2019-12-27 4.3 MEDIUM 3.7 LOW
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.
CVE-2016-5440 6 Canonical, Debian, Ibm and 3 more 12 Ubuntu Linux, Debian Linux, Powerkvm and 9 more 2019-12-27 4.0 MEDIUM 4.9 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.
CVE-2014-0001 3 Mariadb, Oracle, Redhat 6 Mariadb, Mysql, Enterprise Linux and 3 more 2019-12-17 7.5 HIGH N/A
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
CVE-2017-15365 3 Fedoraproject, Mariadb, Percona 3 Fedora, Mariadb, Xtradb Cluster 2019-10-02 6.5 MEDIUM 8.8 HIGH
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
CVE-2017-3302 4 Debian, Mariadb, Oracle and 1 more 8 Debian Linux, Mariadb, Mysql and 5 more 2019-10-02 5.0 MEDIUM 7.5 HIGH
Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.
CVE-2017-15945 3 Gentoo, Mariadb, Mysql 3 Linux, Mariadb, Mysql 2019-10-02 7.2 HIGH 7.8 HIGH
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
CVE-2016-0655 5 Debian, Mariadb, Opensuse and 2 more 5 Debian Linux, Mariadb, Leap and 2 more 2019-04-22 3.5 LOW 4.7 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB.
CVE-2016-0643 6 Debian, Ibm, Mariadb and 3 more 6 Debian Linux, Powerkvm, Mariadb and 3 more 2019-04-22 4.0 MEDIUM 3.3 LOW
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.
CVE-2016-0610 6 Canonical, Debian, Mariadb and 3 more 7 Ubuntu Linux, Debian Linux, Mariadb and 4 more 2019-04-22 3.5 LOW N/A
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
CVE-2016-8283 2 Mariadb, Oracle 2 Mariadb, Mysql 2019-03-07 4.0 MEDIUM 4.3 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
CVE-2016-6663 3 Mariadb, Oracle, Percona 4 Mariadb, Mysql, Percona Server and 1 more 2019-03-05 4.4 MEDIUM 7.0 HIGH
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
CVE-2016-3459 2 Mariadb, Oracle 2 Mariadb, Mysql 2019-02-21 4.0 MEDIUM 4.9 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.
CVE-2012-5611 3 Linux, Mariadb, Oracle 3 Linux, Mariadb, Mysql 2017-09-18 6.5 MEDIUM N/A
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
CVE-2017-12419 3 Mantisbt, Mariadb, Mysql 3 Mantisbt, Mariadb, Mysql 2017-08-09 4.0 MEDIUM 4.9 MEDIUM
If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in php.ini mysqli.allow_local_infile, or the MySQL client config file, depending on the PHP setup), an attacker may take advantage of MySQL's "connect file read" feature to remotely access files on the MantisBT server.