Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Mariadb Subscribe
Filtered by product Mariadb
Total 400 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-32088 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-26 5.0 MEDIUM 7.5 HIGH
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.
CVE-2022-32085 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-26 5.0 MEDIUM 7.5 HIGH
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
CVE-2022-32087 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-26 5.0 MEDIUM 7.5 HIGH
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
CVE-2022-32086 1 Mariadb 1 Mariadb 2022-10-25 5.0 MEDIUM 7.5 HIGH
MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
CVE-2022-32083 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-25 5.0 MEDIUM 7.5 HIGH
MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.
CVE-2021-46669 3 Debian, Fedoraproject, Mariadb 3 Debian Linux, Fedora, Mariadb 2022-10-19 5.0 MEDIUM 7.5 HIGH
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
CVE-2022-27379 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-07 5.0 MEDIUM 7.5 HIGH
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVE-2022-27378 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-07 5.0 MEDIUM 7.5 HIGH
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVE-2022-27448 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-07 5.0 MEDIUM 7.5 HIGH
There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
CVE-2022-27447 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-07 5.0 MEDIUM 7.5 HIGH
MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.
CVE-2022-27458 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-07 5.0 MEDIUM 7.5 HIGH
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.
CVE-2022-27456 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-07 5.0 MEDIUM 7.5 HIGH
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
CVE-2022-27377 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-07 5.0 MEDIUM 7.5 HIGH
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.
CVE-2022-27449 2 Debian, Mariadb 2 Debian Linux, Mariadb 2022-10-07 5.0 MEDIUM 7.5 HIGH
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
CVE-2017-3313 5 Canonical, Debian, Mariadb and 2 more 10 Ubuntu Linux, Debian Linux, Mariadb and 7 more 2022-10-06 1.5 LOW 4.7 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).
CVE-2017-10268 5 Debian, Mariadb, Netapp and 2 more 17 Debian Linux, Mariadb, Active Iq Unified Manager and 14 more 2022-09-29 1.5 LOW 4.1 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).
CVE-2017-3317 4 Debian, Mariadb, Oracle and 1 more 9 Debian Linux, Mariadb, Mysql and 6 more 2022-09-29 1.5 LOW 4.0 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).
CVE-2015-4836 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2022-09-29 2.8 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
CVE-2017-3318 4 Debian, Mariadb, Oracle and 1 more 9 Debian Linux, Mariadb, Mysql and 6 more 2022-09-29 1.0 LOW 4.0 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).
CVE-2014-2431 3 Mariadb, Oracle, Redhat 9 Mariadb, Mysql, Solaris and 6 more 2022-09-29 2.6 LOW N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.