Lucene search
+L

47 matches found

OSV
OSV
added 4 days ago3 views

USN-8536-1 mariadb vulnerabilities

It was discovered that MariaDB did not properly validate parameters supplied by a joiner node during a State Snapshot Transfer using the mariabackup method. An attacker could possibly use this issue to execute arbitrary shell commands on the donor node. CVE-2026-44168 It was discovered that Maria...

10CVSS6.4AI score0.00998EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.7 views

MariaDB 3.3.0 < 3.3.19/ 3.4.0 < 3.4.9

The version of MariaDB installed on the remote host is prior to 3.3.19, 3.4.9. It is, therefore, affected by a vulnerability as referenced in the GHSA-pv9p-5w55-55jm advisory. - MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was...

9.1CVSS6AI score0.00316EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 2:42 p.m.9 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00316EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 11:22 a.m.4 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00316EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/29 10:57 p.m.8 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00316EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/23 7:44 a.m.8 views

CVE-2026-44172

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.1CVSS6AI score0.00316EPSS
Exploits0References5
OSV
OSV
added 2026/06/16 11:50 a.m.5 views

BIT-MYSQL-CLIENT-2026-44172 MariaDB: mysql_real_escape_string() incorrectly handled big5

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

9.1CVSS5.5AI score0.00316EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.15 views

openSUSE 16 Security Update : mariadb (openSUSE-SU-2026:20933-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20933-1 advisory. This update for mariadb fixes the following issues Update to 11.8.8: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. -...

10CVSS6.8AI score0.00998EPSS
Exploits1References36
Snyk
Snyk
added 2026/06/12 6:16 p.m.9 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via mysqlrealescapestring when used with the text protocol and the Big5 character set. An attacker can execute arbitrary SQL queries by supplying specially crafted input that bypasses escaping performed by...

9.8CVSS6.2AI score0.00316EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 6:16 p.m.13 views

ALPINE-CVE-2026-44172

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

9.1CVSS5.5AI score0.00316EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 6:16 p.m.25 views

CVE-2026-44172

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

9.1CVSS0.00316EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/06/12 5:34 p.m.11 views

CVE-2026-44172

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

9.1CVSS5.5AI score0.00316EPSS
Exploits0
OSV
OSV
added 2026/06/10 10:57 a.m.6 views

OPENSUSE-SU-2026:20933-1 Security update for mariadb

This update for mariadb fixes the following issues Update to 11.8.8: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. - CVE-2026-35549: SHA2 auth plugin crash on large packets bsc1261413. - CVE-2026-44168:...

10CVSS5.3AI score0.00998EPSS
Exploits1References24
OSV
OSV
added 2026/06/10 9:53 a.m.4 views

SUSE-SU-2026:22095-1 Security update for mariadb

This update for mariadb fixes the following issues Update to 11.8.8: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. - CVE-2026-35549: SHA2 auth plugin crash on large packets bsc1261413. - CVE-2026-44168:...

10CVSS7.6AI score0.00998EPSS
Exploits1References25
SUSE Linux
SUSE Linux
added 2026/06/05 12:16 p.m.14 views

Security update for mariadb

This update for mariadb fixes the following issues: CVE-2026-3494: audit plugin comment handling bypass bsc1259176. CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side bsc1266442. CVE-2026-44170: argument...

9.4CVSS7.1AI score0.00998EPSS
Exploits1References40
OSV
OSV
added 2026/06/05 12:16 p.m.6 views

SUSE-SU-2026:2284-1 Security update for mariadb

This update for mariadb fixes the following issues: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. - CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side bsc1266442. - CVE-2026-44170:...

10CVSS7.2AI score0.00998EPSS
Exploits1References21
OSV
OSV
added 2026/06/05 12:14 p.m.7 views

SUSE-SU-2026:2282-1 Security update for mariadb

This update for mariadb fixes the following issues: Security fixes: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side bsc1266442. - CVE-2026-44170: argument injection in CONNECT REST Xcurl on Windows via...

10CVSS7AI score0.00998EPSS
Exploits1References19
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in PostgresSQL 11

Improper neutralization of quoting syntax in PostgreSQL’s libpq functions such as PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to exploit SQL injection attacks under certain usage patterns. Specifically, SQL injection requires the...

8.1CVSS7AI score0.89914EPSS
Exploits10References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-8361

Malware in sbrugna...

7.5CVSS7.4AI score0.01603EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2016-7508

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when...

7.5CVSS7.9AI score0.01603EPSS
Exploits4References2
Rows per page
Query Builder