Akkadian Provisioning Manager - Information Disclosure

Akkadian Provisioning Manager is susceptible to information disclosure. The restricted shell provided can be escaped by abusing the Edit MySQL Configuration command. This command launches a standard VI editor interface which can then be escaped. id: CVE-2021-31581 info: name: Akkadian Provisionin...

CVE-2026-44171

A flaw was found in MariaDB's mbstream utility. This vulnerability allows a highly privileged local attacker, who can provide a specially crafted archive, to create files outside of the intended target directory. This is due to mbstream not properly validating paths containing directory traversal...

CVE-2026-44169

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

CVE-2026-49261

A flaw was found in MariaDB server. When the wsrepnotifycmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...

CVE-2026-48165

A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrepsstreceiveaddress or wsrepsstdonor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the...

CVE-2026-48163

A flaw was found in MariaDB server. During the State Snapshot Transfer SST process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands ...

CVE-2026-44173

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

CVE-2026-44172

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

CVE-2026-44170

A flaw was found in MariaDB server. When the CONNECT engine is installed and REST support is enabled on Windows, a user can exploit improper sanitization of the table HTTP attribute. This attribute is interpolated into the curl command line, allowing for arbitrary shell command execution on the...

ROOT-OS-DEBIAN-13-CVE-2026-49261 CVE-2026-49261 in rootio-mariadb - Patched by Root

Root has patched CVE-2026-49261 in the rootio-mariadb package for Root:Debian:13. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2026-44168 CVE-2026-44168 in rootio-mariadb - Patched by Root

Root has patched CVE-2026-44168 in the rootio-mariadb package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2025-13699 CVE-2025-13699 in rootio-mariadb - Patched by Root

Root has patched CVE-2025-13699 in the rootio-mariadb package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2026-48165 CVE-2026-48165 in rootio-mariadb - Patched by Root

Root has patched CVE-2026-48165 in the rootio-mariadb package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2026-21968 CVE-2026-21968 in rootio-mariadb - Patched by Root

Root has patched CVE-2026-21968 in the rootio-mariadb package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2026-48163 CVE-2026-48163 in rootio-mariadb - Patched by Root

Root has patched CVE-2026-48163 in the rootio-mariadb package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2026-49261 CVE-2026-49261 in rootio-mariadb - Patched by Root

Root has patched CVE-2026-49261 in the rootio-mariadb package for Root:Debian:12. Multiple fixed versions available...

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected MariaDB installations. Authentication is required to exploit this vulnerability. The specific flaw exists within the processin...

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB version 10.5.13 allows a hamaria::extra application to crash due to certain SELECT statements...

Astra Linux – Vulnerability in Mariadb 10.3

It has been discovered that MariaDB Server v10.9 and earlier contain a segmentation fault through the component sql/itemcmpfunc.cc...

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB version 10.5.9 allows a SetVar.cc application to crash due to certain uses of the UPDATE statement in conjunction with a nested subquery...