Mariadb

mariadb

Vendor: Mariadb • 406 CVEs

CVEs (406)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-35549 1Mariadb 1Mariadb Jun 2, 2026 Apr 3, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configure...Show more An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256_crypt_r uses alloca.Show less
CVE-2026-32710 1Mariadb 1Mariadb Mar 31, 2026 Mar 20, 2026 N/A· v4 9.9 CRITICAL· v3 N/A· v2 MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain condition...Show more MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.Show less
CVE-2026-3494 2Amazon Mariadb 3Aurora Mysql MariadbRelational Database Service Mar 16, 2026 Mar 3, 2026 5.3 MEDIUM· v4 4.3 MEDIUM· v3 N/A· v2 In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQ...Show more In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.Show less
CVE-2024-27766 1Mariadb 1Mariadb Jul 10, 2025 Oct 17, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
CVE-2023-39593 1Mariadb 1Mariadb Jul 10, 2025 Oct 17, 2024 N/A· v4 5.6 MEDIUM· v3 N/A· v2 Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege...Show more Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.Show less
CVE-2023-26785 1Mariadb 1Mariadb Jul 10, 2025 Oct 17, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation becaus...Show more MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.Show less
CVE-2023-22084 4Fedoraproject MariadbNetapp+1 more 4Fedora MariadbMysql+1 more Jan 22, 2025 Oct 17, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privile...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2023-5157 3Fedoraproject MariadbRedhat 12Enterprise Linux Enterprise Linux EusEnterprise Linux For Arm 64+9 more Oct 1, 2025 Sep 27, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
CVE-2022-47015 1Mariadb 1Mariadb Apr 3, 2025 Jan 20, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
CVE-2022-21595 3Mariadb NetappOracle 4Mariadb MysqlOncommand Insight+1 more Nov 21, 2024 Oct 18, 2022 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged atta...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2022-38791 2Fedoraproject Mariadb 2Fedora Mariadb Nov 21, 2024 Aug 27, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.
CVE-2022-32091 3Debian FedoraprojectMariadb 3Debian Linux FedoraMariadb Nov 21, 2024 Jul 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
CVE-2022-32089 2Fedoraproject Mariadb 2Fedora Mariadb Nov 21, 2024 Jul 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
CVE-2022-32088 2Debian Mariadb 2Debian Linux Mariadb Nov 21, 2024 Jul 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.
CVE-2022-32087 2Debian Mariadb 2Debian Linux Mariadb Nov 21, 2024 Jul 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
CVE-2022-32086 1Mariadb 1Mariadb Nov 21, 2024 Jul 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
CVE-2022-32085 2Debian Mariadb 2Debian Linux Mariadb Nov 21, 2024 Jul 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
CVE-2022-32084 3Debian FedoraprojectMariadb 3Debian Linux FedoraMariadb Nov 21, 2024 Jul 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
CVE-2022-32083 2Debian Mariadb 2Debian Linux Mariadb Nov 21, 2024 Jul 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.
CVE-2022-32082 2Fedoraproject Mariadb 2Fedora Mariadb Nov 21, 2024 Jul 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.

12 3 4 5...21 Next