Mariadb

mariadb

Vendor: Mariadb • 406 CVEs

CVEs (406)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-46665 2Fedoraproject Mariadb 2Fedora Mariadb Nov 21, 2024 Feb 1, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
CVE-2021-46664 2Fedoraproject Mariadb 2Fedora Mariadb Nov 21, 2024 Feb 1, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
CVE-2021-46663 2Fedoraproject Mariadb 2Fedora Mariadb Nov 21, 2024 Feb 1, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
CVE-2021-46662 1Mariadb 1Mariadb Nov 21, 2024 Feb 1, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.
CVE-2021-46661 2Fedoraproject Mariadb 2Fedora Mariadb Nov 21, 2024 Feb 1, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
CVE-2021-46659 2Fedoraproject Mariadb 2Fedora Mariadb Nov 21, 2024 Jan 29, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
CVE-2021-46658 1Mariadb 1Mariadb Nov 21, 2024 Jan 29, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.
CVE-2021-46657 1Mariadb 1Mariadb Nov 21, 2024 Jan 29, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
CVE-2021-35604 4Fedoraproject MariadbNetapp+1 more 5Fedora MariadbMysql Server+2 more Nov 21, 2024 Oct 20, 2021 N/A· v4 5.5 MEDIUM· v3 5.5 MEDIUM· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attac...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).Show less
CVE-2021-2389 4Fedoraproject MariadbNetapp+1 more 7Active Iq Unified Manager FedoraMariadb+4 more Nov 21, 2024 Jul 21, 2021 N/A· v4 5.9 MEDIUM· v3 7.1 HIGH· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated att...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2021-2372 4Fedoraproject MariadbNetapp+1 more 7Active Iq Unified Manager FedoraMariadb+4 more Nov 21, 2024 Jul 21, 2021 N/A· v4 4.4 MEDIUM· v3 3.5 LOW· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged att...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2020-15180 4Debian GaleraclusterMariadb+1 more 4Debian Linux Galera Cluster For MysqlMariadb+1 more Nov 21, 2024 May 27, 2021 N/A· v4 9.0 CRITICAL· v3 6.8 MEDIUM· v2 A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera c...Show more A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.Show less
CVE-2021-2194 4Fedoraproject MariadbNetapp+1 more 7Active Iq Unified Manager FedoraMariadb+4 more Nov 21, 2024 Apr 22, 2021 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attac...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2021-2180 4Fedoraproject MariadbNetapp+1 more 7Active Iq Unified Manager FedoraMariadb+4 more Nov 21, 2024 Apr 22, 2021 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attac...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2021-2174 4Fedoraproject MariadbNetapp+1 more 7Active Iq Unified Manager FedoraMariadb+4 more Nov 21, 2024 Apr 22, 2021 N/A· v4 4.4 MEDIUM· v3 3.5 LOW· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged att...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2021-2166 4Fedoraproject MariadbNetapp+1 more 7Active Iq Unified Manager FedoraMariadb+4 more Nov 21, 2024 Apr 22, 2021 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2021-2154 4Fedoraproject MariadbNetapp+1 more 7Active Iq Unified Manager FedoraMariadb+4 more Nov 21, 2024 Apr 22, 2021 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).Show less
CVE-2021-2144 3Mariadb NetappOracle 6Active Iq Unified Manager MariadbMysql+3 more Nov 21, 2024 Apr 22, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileg...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).Show less
CVE-2021-27928 4Debian GaleraclusterMariadb+1 more 4Debian Linux MariadbPercona Server+1 more Nov 21, 2024 Mar 19, 2021 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for...Show more A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.Show less
CVE-2021-2032 3Mariadb NetappOracle 5Mariadb MysqlOncommand Insight+2 more Nov 21, 2024 Jan 20, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privi...Show more Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).Show less

Previous 1 2 345...21 Next