VYPR

Server

by MariaDB

CVEs (15)

  • CVE-2026-44172 | Critical | Jun 12, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was…

  • CVE-2026-44170 | Critical | Jun 12, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on Windows with installed CONNECT engine and enabled REST support interpolated…

  • CVE-2026-48165 | High | Jun 12, 2026
    risk 0.52 | cvss 8.0 | epss 0.01

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or…

  • CVE-2026-48163 | High | Jun 12, 2026
    risk 0.52 | cvss 8.0 | epss 0.01

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into…

  • CVE-2026-44168 | High | Jun 12, 2026
    risk 0.52 | cvss 8.0 | epss 0.01

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into…

  • CVE-2026-44171 | Medium | Jun 12, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper…

  • CVE-2023-52971 | Medium | Mar 8, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.

  • CVE-2023-52970 | Medium | Mar 8, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.

  • CVE-2023-52969 | Medium | Mar 8, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.

  • CVE-2023-52968 | Medium | Mar 8, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table…

  • CVE-2022-47015 | Medium | Jan 20, 2023
    risk 0.00 | cvss 6.5 | epss 0.01

    MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.

  • CVE-2022-31624 | Medium | May 25, 2022
    risk 0.00 | cvss 5.5 | epss 0.00

    MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

  • CVE-2022-31622 | Medium | May 25, 2022
    risk 0.00 | cvss 5.5 | epss 0.00

    MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users…

  • CVE-2020-7221 | High | Feb 4, 2020
    risk 0.00 | cvss 7.8 | epss 0.01

    mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect…

  • CVE-2017-15365 | High | Jan 25, 2018
    risk 0.00 | cvss 8.8 | epss 0.03

    sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition…