Mariadb

mariadb

Vendor: Mariadb • 406 CVEs

CVEs (406)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-4243 3Mariadb OracleSuse 6Linux Enterprise Desktop Linux Enterprise ServerLinux Enterprise Software Development Kit+3 more May 6, 2026 Jul 17, 2014 N/A· v4 N/A· v3 2.8 LOW· v2 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.
CVE-2014-4207 4Debian MariadbOracle+1 more 7Debian Linux Linux Enterprise DesktopLinux Enterprise Server+4 more May 6, 2026 Jul 17, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.
CVE-2014-2494 4Debian MariadbOracle+1 more 7Debian Linux Linux Enterprise DesktopLinux Enterprise Server+4 more May 6, 2026 Jul 17, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.
CVE-2014-3470 6Fedoraproject MariadbOpenssl+3 more 11Enterprise Linux FedoraLeap+8 more May 6, 2026 Jun 5, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of s...Show more The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.Show less
CVE-2014-0224 9Fedoraproject Filezilla ProjectMariadb+6 more 16Application Processing Engine Firmware Cp1543 1 FirmwareEnterprise Linux+13 more May 6, 2026 Jun 5, 2014 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key...Show more OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.Show less
CVE-2014-0221 6Fedoraproject MariadbOpenssl+3 more 11Enterprise Linux FedoraLeap+8 more May 6, 2026 Jun 5, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS he...Show more The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.Show less
CVE-2014-0195 4Fedoraproject MariadbOpenssl+1 more 5Fedora LeapMariadb+2 more May 6, 2026 Jun 5, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote at...Show more The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.Show less
CVE-2014-0198 6Debian FedoraprojectMariadb+3 more 9Debian Linux FedoraLinux Enterprise Desktop+6 more May 6, 2026 May 6, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to c...Show more The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.Show less
CVE-2014-2440 3Mariadb OracleRedhat 9Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+6 more May 6, 2026 Apr 16, 2014 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2014-2438 3Mariadb OracleRedhat 8Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+5 more May 6, 2026 Apr 16, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
CVE-2014-2436 3Mariadb OracleRedhat 9Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+6 more May 6, 2026 Apr 16, 2014 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.
CVE-2014-2432 3Mariadb OracleRedhat 9Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+6 more May 6, 2026 Apr 16, 2014 N/A· v4 N/A· v3 2.8 LOW· v2 Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.
CVE-2014-2431 3Mariadb OracleRedhat 9Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+6 more May 6, 2026 Apr 16, 2014 N/A· v4 N/A· v3 2.6 LOW· v2 Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.
CVE-2014-2430 3Mariadb OracleRedhat 9Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+6 more May 6, 2026 Apr 16, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.
CVE-2014-2419 3Mariadb OracleRedhat 9Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+6 more May 6, 2026 Apr 16, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
CVE-2014-0384 3Mariadb OracleRedhat 8Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+5 more May 6, 2026 Apr 16, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.
CVE-2010-5298 4Fedoraproject MariadbOpenssl+1 more 7Fedora Linux Enterprise DesktopLinux Enterprise Server+4 more May 6, 2026 Apr 14, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-aft...Show more Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.Show less
CVE-2014-0001 3Mariadb OracleRedhat 6Enterprise Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Apr 29, 2026 Jan 31, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
CVE-2014-0437 5Canonical DebianMariadb+2 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+7 more Apr 29, 2026 Jan 15, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related...Show more Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.Show less
CVE-2014-0420 5Canonical DebianMariadb+2 more 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more Apr 29, 2026 Jan 15, 2014 N/A· v4 N/A· v3 2.8 LOW· v2 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.

Previous 1...151617...21 Next