8 matches found
mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user
A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrepsstreceiveaddress or wsrepsstdonor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the...
mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user
A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrepsstreceiveaddress or wsrepsstdonor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the...
CVE-2026-48165
A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrepsstreceiveaddress or wsrepsstdonor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the...
BIT-MARIADB-MIN-2026-44168 MariaDB: wsrep SST unsafe parameter handling on the donor side
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...
openSUSE 16 Security Update : mariadb (openSUSE-SU-2026:20933-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20933-1 advisory. This update for mariadb fixes the following issues Update to 11.8.8: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. -...
CVE-2026-48165
CVE-2026-48165 affects MariaDB server in Galera replication scenarios. A high-privileged MariaDB user could have used the wsrep_sst_receive_address or wsrep_sst_donor global system variables to run shell commands as the mariadbd process user on the Galera joiner node. Affected versions are 10.6.1...
SUSE-SU-2026:2330-1 Security update for mariadb
This update for mariadb fixes the following issues: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. - CVE-2026-35549: SHA2 auth plugin crash on large packets bsc1261413. - CVE-2026-44168: wsrep SST unsafe...
Security update for mariadb
This update for mariadb fixes the following issues: CVE-2026-3494: audit plugin comment handling bypass bsc1259176. CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side bsc1266442. CVE-2026-44170: argument...