rpm package
suse/mariadb&distro=SUSE Linux Enterprise Module for Server Applications 15 SP7
pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-49261 | Cri | 10.0 | | < 11.8.8-150700.3.15.1 | 11.8.8-150700.3.15.1 | Jun 11, 2026 | MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with `wsrep_notify_cmd` enabled would execute shell commands embedded in the name of the joiner node |
| CVE-2026-34303 | Med | 6.5 | | < 11.8.8-150700.3.15.1 | 11.8.8-150700.3.15.1 | Apr 21, 2026 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protoco |
| CVE-2026-35549 | Med | 6.5 | | < 11.8.8-150700.3.15.1 | 11.8.8-150700.3.15.1 | Apr 3, 2026 | An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha |
| CVE-2026-32710 | Hig | 8.5 | | < 11.8.6-150700.3.12.1 | 11.8.6-150700.3.12.1 | Mar 20, 2026 | MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code |
| CVE-2026-3494 | — | | | < 11.8.8-150700.3.15.1 | 11.8.8-150700.3.15.1 | Mar 3, 2026 | In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash (#) styl |
| CVE-2025-13699 | Hig | 7.0 | | < 11.8.5-150700.3.9.1 | 11.8.5-150700.3.9.1 | Dec 23, 2025 | MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but |