5 matches found
mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user
A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrepsstreceiveaddress or wsrepsstdonor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the...
mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user
A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrepsstreceiveaddress or wsrepsstdonor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the...
MGASA-2026-0207 Updated packages fix security vulnerabilities
CVE-2026-49261 MariaDB server has unsafe parameter handling in wsrepnotifycmd CVE-2026-48165 MariaDB: unsafe usage of wsrepsstreceiveaddress values on the joiner side CVE-2026-48163 MariaDB: wsrep SST unsafe parameter handling on the donor side rsync...
ALPINE-CVE-2026-48165
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrepsstreceiveaddress or wsrepsstdonor global system...
CVE-2026-48165 MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrepsstreceiveaddress or wsrepsstdonor global system...