VYPR

rpm package

opensuse/mariadb&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/mariadb&distro=openSUSE%20Tumbleweed

Vulnerabilities (125)

  • CVE-2026-48165HigJun 12, 2026
    affected < 11.8.8-1.1fixed 11.8.8-1.1

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or wsrep_sst_don

  • CVE-2026-48163HigJun 12, 2026
    affected < 11.8.8-1.1fixed 11.8.8-1.1

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the

  • CVE-2026-44173MedJun 12, 2026
    affected < 11.8.7-1.1fixed 11.8.7-1.1

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying

  • CVE-2026-44172CriJun 12, 2026
    affected < 11.8.7-1.1fixed 11.8.7-1.1

    MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was vulnerabl

  • CVE-2026-44171MedJun 12, 2026
    affected < 11.8.7-1.1fixed 11.8.7-1.1

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup

  • CVE-2026-44170CriJun 12, 2026
    affected < 11.8.7-1.1fixed 11.8.7-1.1

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated

  • CVE-2026-44169MedJun 12, 2026
    affected < 11.8.7-1.1fixed 11.8.7-1.1

    MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. Th

  • CVE-2026-44168HigJun 12, 2026
    affected < 11.8.7-1.1fixed 11.8.7-1.1

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the

  • CVE-2026-49261CriJun 11, 2026
    affected < 11.8.8-1.1fixed 11.8.8-1.1

    MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with `wsrep_notify_cmd` enabled would execute shell commands embedded in the name of the joiner node

  • CVE-2026-34303MedApr 21, 2026
    affected < 11.8.7-1.1fixed 11.8.7-1.1

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protoco

  • CVE-2026-35549MedApr 3, 2026
    affected < 11.8.7-1.1fixed 11.8.7-1.1

    An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha

  • CVE-2026-32710HigMar 20, 2026
    affected < 11.8.6-1.1fixed 11.8.6-1.1

    MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code

  • CVE-2026-3494Mar 3, 2026
    affected < 11.8.7-1.1fixed 11.8.7-1.1

    In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) styl

  • CVE-2025-21490Jan 21, 2025
    affected < 11.7.2-1.1fixed 11.7.2-1.1

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto

  • CVE-2022-47015Jan 20, 2023
    affected < 10.11.3-1.1fixed 10.11.3-1.1

    MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.

  • CVE-2022-38791Aug 27, 2022
    affected < 10.9.3-1.1fixed 10.9.3-1.1

    In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.

  • CVE-2022-32091Jul 1, 2022
    affected < 10.9.3-1.1fixed 10.9.3-1.1

    MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.

  • CVE-2022-32089Jul 1, 2022
    affected < 10.9.3-1.1fixed 10.9.3-1.1

    MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.

  • CVE-2022-32084Jul 1, 2022
    affected < 10.9.3-1.1fixed 10.9.3-1.1

    MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.

  • CVE-2022-32082Jul 1, 2022
    affected < 10.9.3-1.1fixed 10.9.3-1.1

    MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.

Page 1 of 7