VYPR

rpm package

opensuse/mariadb&distro=openSUSE Leap 16.0

pkg:rpm/opensuse/mariadb&distro=openSUSE%20Leap%2016.0

Vulnerabilities (13)

  • CVE-2026-48165 · High · Jun 12, 2026
    affected < 11.8.8-160000.1.1 · fixed 11.8.8-160000.1.1

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or wsrep_sst_don

  • CVE-2026-48163 · High · Jun 12, 2026
    affected < 11.8.8-160000.1.1 · fixed 11.8.8-160000.1.1

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the

  • CVE-2026-44173 · Medium · Jun 12, 2026
    affected < 11.8.8-160000.1.1 · fixed 11.8.8-160000.1.1

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying

  • CVE-2026-44172 · Critical · Jun 12, 2026
    affected < 11.8.8-160000.1.1 · fixed 11.8.8-160000.1.1

    MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was vulnerabl

  • CVE-2026-44171 · Medium · Jun 12, 2026
    affected < 11.8.8-160000.1.1 · fixed 11.8.8-160000.1.1

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup

  • CVE-2026-44170 · Critical · Jun 12, 2026
    affected < 11.8.8-160000.1.1 · fixed 11.8.8-160000.1.1

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on Windows with installed CONNECT engine and enabled REST support interpolated

  • CVE-2026-44169 · Medium · Jun 12, 2026
    affected < 11.8.8-160000.1.1 · fixed 11.8.8-160000.1.1

    MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. Th

  • CVE-2026-44168 · High · Jun 12, 2026
    affected < 11.8.8-160000.1.1 · fixed 11.8.8-160000.1.1

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the

  • CVE-2026-49261 · Critical · Jun 11, 2026
    affected < 11.8.8-160000.1.1 · fixed 11.8.8-160000.1.1

    MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with `wsrep_notify_cmd` enabled would execute shell commands embedded in the name of the joiner node

  • CVE-2026-34303 · Medium · Apr 21, 2026
    affected < 11.8.8-160000.1.1 · fixed 11.8.8-160000.1.1

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protoco

  • CVE-2026-35549 · Medium · Apr 3, 2026
    affected < 11.8.8-160000.1.1 · fixed 11.8.8-160000.1.1

    An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha

  • CVE-2026-3494 · Mar 3, 2026
    affected < 11.8.8-160000.1.1 · fixed 11.8.8-160000.1.1

    In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash (#) styl

  • CVE-2025-13699 · High · Dec 23, 2025
    affected < 11.8.5-160000.1.1 · fixed 11.8.5-160000.1.1

    MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but