Lucene search

K

Mariadb Security Vulnerabilities

cve
cve

CVE-2019-2614

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple prot...

4.4CVSS

4.7AI Score

0.002EPSS

2019-04-23 07:32 PM
324
cve
cve

CVE-2019-2627

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multip...

4.9CVSS

4.8AI Score

0.003EPSS

2019-04-23 07:32 PM
252
cve
cve

CVE-2019-2628

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS

4.7AI Score

0.003EPSS

2019-04-23 07:32 PM
268
2
cve
cve

CVE-2019-2737

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pr...

4.9CVSS

5AI Score

0.001EPSS

2019-07-23 11:15 PM
221
cve
cve

CVE-2019-2739

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructu...

5.1CVSS

5.4AI Score

0.001EPSS

2019-07-23 11:15 PM
260
cve
cve

CVE-2019-2740

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to co...

6.5CVSS

6.3AI Score

0.002EPSS

2019-07-23 11:15 PM
376
2
cve
cve

CVE-2019-2758

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

5.5CVSS

5.3AI Score

0.003EPSS

2019-07-23 11:15 PM
300
2
cve
cve

CVE-2019-2805

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS

6.3AI Score

0.002EPSS

2019-07-23 11:15 PM
239
2
cve
cve

CVE-2019-2938

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Su...

4.4CVSS

4.5AI Score

0.001EPSS

2019-10-16 06:15 PM
441
cve
cve

CVE-2019-2974

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to c...

6.5CVSS

6.3AI Score

0.003EPSS

2019-10-16 06:15 PM
345
2
cve
cve

CVE-2020-13249

libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.

8.8CVSS

8.6AI Score

0.003EPSS

2020-05-20 07:15 PM
198
2
cve
cve

CVE-2020-14550

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise ...

5.3CVSS

5.2AI Score

0.001EPSS

2020-07-15 06:15 PM
225
2
cve
cve

CVE-2020-14765

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

6.5CVSS

6.4AI Score

0.005EPSS

2020-10-21 03:15 PM
214
4
cve
cve

CVE-2020-14776

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ...

4.9CVSS

5.2AI Score

0.001EPSS

2020-10-21 03:15 PM
210
cve
cve

CVE-2020-14789

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS

5.1AI Score

0.001EPSS

2020-10-21 03:15 PM
204
cve
cve

CVE-2020-14812

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to co...

4.9CVSS

5.1AI Score

0.002EPSS

2020-10-21 03:15 PM
228
4
cve
cve

CVE-2020-15180

A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in wsrep_sst_method allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availab...

9CVSS

9.3AI Score

0.009EPSS

2021-05-27 08:15 PM
264
8
cve
cve

CVE-2020-2574

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

5.9CVSS

5.6AI Score

0.009EPSS

2020-01-15 05:15 PM
437
2
cve
cve

CVE-2020-2752

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise ...

5.3CVSS

6AI Score

0.002EPSS

2020-04-15 02:15 PM
359
cve
cve

CVE-2020-2760

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ...

5.5CVSS

5.6AI Score

0.001EPSS

2020-04-15 02:15 PM
312
2
cve
cve

CVE-2020-2780

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to comprom...

6.5CVSS

6.3AI Score

0.001EPSS

2020-04-15 02:15 PM
243
2
cve
cve

CVE-2020-2812

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protoc...

4.9CVSS

5.2AI Score

0.002EPSS

2020-04-15 02:15 PM
300
3
cve
cve

CVE-2020-2814

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise ...

4.9CVSS

5.2AI Score

0.002EPSS

2020-04-15 02:15 PM
236
4
cve
cve

CVE-2020-28912

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between t...

7CVSS

7.1AI Score

0.001EPSS

2020-12-24 08:15 PM
88
3
cve
cve

CVE-2020-2922

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

3.7CVSS

3.4AI Score

0.002EPSS

2020-04-15 02:15 PM
288
2
cve
cve

CVE-2020-7221

mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL pro...

7.8CVSS

7.4AI Score

0.001EPSS

2020-02-04 05:15 PM
58
cve
cve

CVE-2021-2007

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

3.7CVSS

3.4AI Score

0.002EPSS

2021-01-20 03:15 PM
244
6
cve
cve

CVE-2021-2011

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Suc...

5.9CVSS

5.5AI Score

0.003EPSS

2021-01-20 03:15 PM
393
4
cve
cve

CVE-2021-2022

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

4.4CVSS

4.5AI Score

0.002EPSS

2021-01-20 03:15 PM
291
7
cve
cve

CVE-2021-2032

Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL S...

4.3CVSS

3.7AI Score

0.001EPSS

2021-01-20 03:15 PM
151
2
cve
cve

CVE-2021-2144

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serv...

7.2CVSS

6.5AI Score

0.001EPSS

2021-04-22 10:15 PM
216
3
cve
cve

CVE-2021-2154

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

4.9CVSS

5AI Score

0.001EPSS

2021-04-22 10:15 PM
231
8
cve
cve

CVE-2021-2166

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS

5.2AI Score

0.002EPSS

2021-04-22 10:15 PM
217
4
cve
cve

CVE-2021-2174

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Su...

4.4CVSS

4.4AI Score

0.001EPSS

2021-04-22 10:15 PM
115
cve
cve

CVE-2021-2180

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ...

4.9CVSS

4.9AI Score

0.001EPSS

2021-04-22 10:15 PM
180
4
cve
cve

CVE-2021-2194

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ...

4.9CVSS

4.9AI Score

0.001EPSS

2021-04-22 10:15 PM
214
cve
cve

CVE-2021-2372

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Su...

4.4CVSS

4.5AI Score

0.001EPSS

2021-07-21 03:15 PM
237
6
cve
cve

CVE-2021-2389

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Su...

5.9CVSS

5.4AI Score

0.269EPSS

2021-07-21 03:15 PM
268
8
cve
cve

CVE-2021-27928

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database S...

7.2CVSS

7.4AI Score

0.016EPSS

2021-03-19 03:15 AM
402
12
cve
cve

CVE-2021-35604

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ...

5.5CVSS

5.4AI Score

0.001EPSS

2021-10-20 11:17 AM
220
7
cve
cve

CVE-2021-46657

get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.

5.5CVSS

5.7AI Score

0.001EPSS

2022-01-29 11:15 PM
110
cve
cve

CVE-2021-46658

save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.

5.5CVSS

5.7AI Score

0.001EPSS

2022-01-29 11:15 PM
118
cve
cve

CVE-2021-46659

MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.

5.5CVSS

6.3AI Score

0.001EPSS

2022-01-29 11:15 PM
120
cve
cve

CVE-2021-46661

MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).

5.5CVSS

6.3AI Score

0.001EPSS

2022-02-01 02:15 AM
122
cve
cve

CVE-2021-46662

MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.

5.5CVSS

5.5AI Score

0.001EPSS

2022-02-01 02:15 AM
139
cve
cve

CVE-2021-46663

MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.

5.5CVSS

6.3AI Score

0.001EPSS

2022-02-01 02:15 AM
124
2
cve
cve

CVE-2021-46664

MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.

5.5CVSS

6.3AI Score

0.001EPSS

2022-02-01 02:15 AM
112
2
cve
cve

CVE-2021-46665

MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.

5.5CVSS

6.3AI Score

0.001EPSS

2022-02-01 02:15 AM
122
4
cve
cve

CVE-2021-46666

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.

5.5CVSS

5.6AI Score

0.001EPSS

2022-02-01 02:15 AM
97
cve
cve

CVE-2021-46667

MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.

5.5CVSS

5.6AI Score

0.001EPSS

2022-02-01 02:15 AM
128
4
Total number of security vulnerabilities401