Lucene search
K

345 matches found

RedHat Linux
RedHat Linux
added 6 days ago4 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00419EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 6 days ago5 views

mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/23 7:44 a.m.4 views

CVE-2026-48165

A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrepsstreceiveaddress or wsrepsstdonor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the...

9.1CVSS6.1AI score0.00967EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/23 7:44 a.m.6 views

CVE-2026-44173

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected MariaDB installations. Authentication is required to exploit this vulnerability. The specific flaw exists within the processi...

7.8CVSS7.6AI score0.00645EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB version 10.5.9 allows an application crash in the findfieldintables and findorderinlist functions due to an unused common table expression CTE...

5.5CVSS6.8AI score0.00403EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Mariadb 10.3

A issue in the Createtmptable::finalize component of MariaDB Server v10.7 and below was discovered. This issue allows attackers to cause a Denial of Service DoS attack through specially crafted SQL statements...

7.5CVSS8AI score0.02406EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Mariadb 10.3

In MariaDB, the getsortbytable function before version 10.6.2 allows an application to crash due to certain uses of the ORDER BY clause...

5.5CVSS7.1AI score0.00393EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Mariadb 10.3

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server up to 2021-03-03; and the wsrep patch up to 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUP...

9CVSS8.7AI score0.38179EPSS
Exploits9References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Mariadb 10.3

It has been discovered that MariaDB Server v10.7 and earlier contain a global buffer overflow in the decimalbinsize component, which can be exploited through specially crafted SQL statements...

7.5CVSS8.1AI score0.02458EPSS
Exploits1References2
OSV
OSV
added 2026/06/16 11:50 a.m.5 views

BIT-MYSQL-CLIENT-2026-48165 MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrepsstreceiveaddress or wsrepsstdonor global system...

9.1CVSS5.6AI score0.00967EPSS
Exploits0References13
OSV
OSV
added 2026/06/12 6:16 p.m.9 views

ALPINE-CVE-2026-44171

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...

7.8CVSS5.3AI score0.00135EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 5:35 p.m.46 views

CVE-2026-48165 MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrepsstreceiveaddress or wsrepsstdonor global system...

8CVSS0.00967EPSS
Exploits0References2
Amazon
Amazon
added 2026/06/12 12:0 a.m.6 views

Medium: mariadb114

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS6.7AI score0.00303EPSS
Exploits1
Redos
Redos
added 2026/05/24 12:0 a.m.15 views

ROS-20260524-73-0043

Vulnerability in mariadb related to security configuration errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.3CVSS7.1AI score0.00274EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021669)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021669 advisory. MariaDB through 10.5.9 allows a sqlparse.cc application crash because of incorrect usedtables expectations. Tenable has extracted the preceding description block...

5.5CVSS6.8AI score0.004EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021663)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021663 advisory. MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint use-after-free when the BIGINT data type is used. Tenable has extracted the preceding...

7.5CVSS7.1AI score0.02403EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021672)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021672 advisory. getsortbytable in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. Tenable has extracted the preceding description block...

5.5CVSS6.8AI score0.00393EPSS
Exploits1References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB version 10.5.13 allows a hamaria::extra application to crash due to certain SELECT statements...

5.5CVSS7.1AI score0.00403EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB version 10.5.9 allows a SetVar.cc application to crash due to certain uses of the UPDATE statement in conjunction with a nested subquery...

5.5CVSS7AI score0.00391EPSS
Exploits1References2
Rows per page
Query Builder