6772 matches found
CVE-2026-44170
A flaw was found in MariaDB server. When the CONNECT engine is installed and REST support is enabled on Windows, a user can exploit improper sanitization of the table HTTP attribute. This attribute is interpolated into the curl command line, allowing for arbitrary shell command execution on the...
ROOT-OS-DEBIAN-12-CVE-2026-48163 CVE-2026-48163 in rootio-mariadb - Patched by Root
Root has patched CVE-2026-48163 in the rootio-mariadb package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-13699 CVE-2025-13699 in rootio-mariadb - Patched by Root
Root has patched CVE-2025-13699 in the rootio-mariadb package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-48165 CVE-2026-48165 in rootio-mariadb - Patched by Root
Root has patched CVE-2026-48165 in the rootio-mariadb package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-49261 CVE-2026-49261 in rootio-mariadb - Patched by Root
Root has patched CVE-2026-49261 in the rootio-mariadb package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-44172 CVE-2026-44172 in rootio-mariadb - Patched by Root
Root has patched CVE-2026-44172 in the rootio-mariadb package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-44170 CVE-2026-44170 in rootio-mariadb - Patched by Root
Root has patched CVE-2026-44170 in the rootio-mariadb package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-21968 CVE-2026-21968 in rootio-mariadb - Patched by Root
Root has patched CVE-2026-21968 in the rootio-mariadb package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-44168 CVE-2026-44168 in rootio-mariadb - Patched by Root
Root has patched CVE-2026-44168 in the rootio-mariadb package for Root:Debian:12. Multiple fixed versions available...
Amazon Linux 2023 : mariadb-connector-c, mariadb-connector-c-config, mariadb-connector-c-devel (ALAS2023-2026-1873)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1873 advisory. An application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injection...
Astra Linux – Vulnerability in Mariadb 10.3
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server up to 2021-03-03; and the wsrep patch up to 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUP...
Astra Linux – Vulnerability in Mariadb 10.3
In MariaDB before 10.9.2, the compresswrite function in extra/mariabackup/dscompress.cc does not release the datamutex upon a stream write failure, which allows local users to trigger a deadlock...
Astra Linux – Vulnerability in Mariadb 10.3
It was discovered that MariaDB v10.7 contains a use-after-poison issue in the interceptormemset function located at /libsanitizer/sanitizercommon/sanitizercommoninterceptors.inc...
Astra Linux – Vulnerability in Mariadb 10.3
It was discovered that MariaDB versions 10.2 to 10.7 contain a segmentation fault due to the component Exectimetracker::getloops/Filesorttracker::reportuse/filesort...
Astra Linux – Vulnerability in Mariadb 10.3
A issue was discovered in the Field::setdefault component of MariaDB Server v10.6 and earlier versions. This issue allows attackers to cause a Denial of Service DoS attack through specially crafted SQL statements...
Astra Linux – Vulnerability in Mariadb 10.3
There is an assertion failure in MariaDB Server v10.9 and below due to the condition 'node-pcur-relpos == BTRPCURON' at /row/row0mysql.cc...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB before 10.7.2 allowed applications to crash because it did not recognize that SELECTLEX::nestlevel is local to each VIEW...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB Server versions 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 have an issue where the fixfieldsifneeded function under mysqlderivedprepare is called when the derived table is not yet prepared,...
Astra Linux – Vulnerability in Mariadb 10.3
In MariaDB versions up to 10.5.9, attackers can exploit a vulnerability that triggers a convertconsttoint use-after-free when the BIGINT data type is used...
Astra Linux – Vulnerability in Python-Django
A issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. Methods like QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are vulnerable to SQL injection when column aliases are used, especially when a properly crafted dictionary is passed...