502 matches found
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: mariadb11.8: mariadb-11.8.8-3.hum1 aarch64, x8664 mariadb-backup-11.8.8-3.hum1 aarch64, x8664 mariadb-client-utils-11.8.8-3.hum1 noarch mariadb-common-11.8.8-3.hum1 noarch...
mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd
A flaw was found in MariaDB server. When the wsrepnotifycmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...
mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check
A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...
mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd
A flaw was found in MariaDB server. When the wsrepnotifycmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...
mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd
A flaw was found in MariaDB server. When the wsrepnotifycmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...
mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()
A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...
CVE-2026-44169
A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...
CVE-2026-49261
A flaw was found in MariaDB server. When the wsrepnotifycmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...
CVE-2026-48163
A flaw was found in MariaDB server. During the State Snapshot Transfer SST process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands ...
CVE-2026-44172
A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...
CVE-2026-44170
A flaw was found in MariaDB server. When the CONNECT engine is installed and REST support is enabled on Windows, a user can exploit improper sanitization of the table HTTP attribute. This attribute is interpolated into the curl command line, allowing for arbitrary shell command execution on the...
CVE-2026-48165
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrepsstreceiveaddress or wsrepsstdonor global system...
CVE-2026-48163
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...
CVE-2026-44173
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...
CVE-2026-44172
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...
CVE-2026-44171
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...
CVE-2026-44169
MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...
CVE-2026-44168
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...
CVE-2026-44170
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP...
Amazon Linux 2023 : mariadb114, mariadb114-backup, mariadb114-client-utils (ALAS2023-2026-1827)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1827 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable...