rpm package
almalinux/mariadb-server
pkg:rpm/almalinux/mariadb-server
Vulnerabilities (69)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-21968 | — | | | < 3:10.11.15-1.module_el8.10.0+4152+4d93c53f | 3:10.11.15-1.module_el8.10.0+4152+4d93c53f | Jan 20, 2026 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protoco |
| CVE-2025-13699 | Hig | 7.0 | | < 3:10.11.15-1.el10_1 | 3:10.11.15-1.el10_1 | Dec 23, 2025 | MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but |
| CVE-2025-30722 | — | | | < 3:10.5.29-2.module_el8.10.0+4059+10818090 | 3:10.5.29-2.module_el8.10.0+4059+10818090 | Apr 15, 2025 | Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple proto |
| CVE-2025-30693 | — | | | < 3:10.5.29-2.module_el8.10.0+4059+10818090 | 3:10.5.29-2.module_el8.10.0+4059+10818090 | Apr 15, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to comp |
| CVE-2023-52971 | Med | 4.9 | | < 3:10.11.15-1.el10_1 | 3:10.11.15-1.el10_1 | Mar 8, 2025 | MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan. |
| CVE-2023-52970 | Med | 4.9 | | < 3:10.5.29-2.module_el8.10.0+4059+10818090 | 3:10.5.29-2.module_el8.10.0+4059+10818090 | Mar 8, 2025 | MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where. |
| CVE-2023-52969 | Med | 4.9 | | < 3:10.5.29-2.module_el8.10.0+4059+10818090 | 3:10.5.29-2.module_el8.10.0+4059+10818090 | Mar 8, 2025 | MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2. |
| CVE-2025-21490 | — | | | < 3:10.5.29-2.module_el8.10.0+4059+10818090 | 3:10.5.29-2.module_el8.10.0+4059+10818090 | Jan 21, 2025 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto |
| CVE-2024-21096 | — | | | < 3:10.11.10-1.module_el8.10.0+3955+6534edaf | 3:10.11.10-1.module_el8.10.0+3955+6534edaf | Apr 16, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MyS |
| CVE-2023-22084 | — | | | < 3:10.5.27-1.module_el8.10.0+3947+ac422511 | 3:10.5.27-1.module_el8.10.0+3947+ac422511 | Oct 17, 2023 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to c |
| CVE-2023-5157 | — | | | < 3:10.5.22-1.module_el8.8.0+3620+5d452900 | 3:10.5.22-1.module_el8.8.0+3620+5d452900 | Sep 26, 2023 | A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. |
| CVE-2022-47015 | — | | | < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0 | 3:10.3.39-1.module_el8.8.0+3609+204d4ab0 | Jan 20, 2023 | MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. |
| CVE-2022-38791 | — | | | < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0 | 3:10.3.39-1.module_el8.8.0+3609+204d4ab0 | Aug 27, 2022 | In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. |
| CVE-2022-32088 | — | | | < 3:10.3.35-1.module_el8.6.0+3265+230ed96b | 3:10.3.35-1.module_el8.6.0+3265+230ed96b | Jul 1, 2022 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. |
| CVE-2022-32087 | — | | | < 3:10.3.35-1.module_el8.6.0+3265+230ed96b | 3:10.3.35-1.module_el8.6.0+3265+230ed96b | Jul 1, 2022 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. |
| CVE-2022-32085 | — | | | < 3:10.3.35-1.module_el8.6.0+3265+230ed96b | 3:10.3.35-1.module_el8.6.0+3265+230ed96b | Jul 1, 2022 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. |
| CVE-2022-32083 | — | | | < 3:10.3.35-1.module_el8.6.0+3265+230ed96b | 3:10.3.35-1.module_el8.6.0+3265+230ed96b | Jul 1, 2022 | MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. |
| CVE-2022-32091 | — | | | < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0 | 3:10.3.39-1.module_el8.8.0+3609+204d4ab0 | Jul 1, 2022 | MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. |
| CVE-2022-32089 | — | | | < 3:10.5.22-1.module_el8.8.0+3620+5d452900 | 3:10.5.22-1.module_el8.8.0+3620+5d452900 | Jul 1, 2022 | MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. |
| CVE-2022-32084 | — | | | < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0 | 3:10.3.39-1.module_el8.8.0+3609+204d4ab0 | Jul 1, 2022 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. |
Page 1 of 4