31 matches found
OESA-2026-2396 mariadb security update
MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs a...
Astra Linux - vulnerability in mariadb-10.3
MariaDB Server before version 10.7 is vulnerable to Denial of Service attacks. During the execution of the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released properly, allowing local users to trigger a Denial of Service attack due to a deadlock...
MariaDB Server Audit Plugin Comment Handling Bypass
...
CVE-2026-3494
A flaw was found in MariaDB. An authenticated database user can exploit this vulnerability by invoking SQL statements prefixed with double-hyphen (--) or hash style comments. When the server audit plugin is enabled with specific event filtering, these statements are not logged. This oversight can le...
AZL-79550 CVE-2026-3494 affecting package mariadb 10.11.15-1
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash style comments, the statement is...
AZL-79365 CVE-2026-3494 affecting package mariadb 10.6.24-1
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash style comments, the statement is...
CVE-2026-3494
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash style comments, the statement is...
CVE-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash style comments, the statement is...
CVE-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash style comments, the statement is...
CVE-2026-3494
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash style comments, the statement is...
CVE-2026-3494
Disclaimer: This data contains information about vulnerable...
CVE-2025-12679
CVE-2025-12679 affects Brocade SANnav prior to 2.4.0b and 3.0.0, where during migration the Password-Based Encryption (PBE) key is logged in plaintext to the system audit logs. An attacker with local access to these logs (audit logs on the host server, visible only to privileged users) could retr...
EUVD-2016-6579
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-31624
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock...
Linux Distros Unpatched Vulnerability : CVE-2019-2791
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Audit Plug-in. Supported versions that are affected are 5.7.26 and prior and...
Linux Distros Unpatched Vulnerability : CVE-2020-2572
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Audit Plugin. Supported versions that are affected are 5.7.28 and prior and 8.0.18...
CVE-2025-4166
Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...
CVE-2024-21061
A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Audit Plug-in. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorize...
mysql: Server: Audit Plug-in unspecified vulnerability (CPU Apr 2024)
A flaw was found in the MySQL Server product of Oracle MySQL component: Server: Audit Plug-in. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorize...
mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock...