VYPR

Vendor CVEs

MariaDB

All CVEs

334 total · sorted by risk
  • CVE-2016-6662CriSep 20, 2016
    risk 0.72cvss 9.8epss 0.68

    Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary…

  • CVE-2026-49261CriJun 11, 2026
    risk 0.65cvss 10.0epss 0.01

    MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with `wsrep_notify_cmd` enabled would execute shell commands embedded in the name of the joiner…

  • CVE-2026-44172CriJun 12, 2026
    risk 0.64cvss 9.8epss 0.00

    MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was…

  • CVE-2026-44170CriJun 12, 2026
    risk 0.64cvss 9.8epss 0.01

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated…

  • CVE-2016-9843CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.06

    The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

  • CVE-2014-0224HigJun 5, 2014
    risk 0.59cvss 7.4epss 0.95

    OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and…

  • CVE-2016-3477HigJul 21, 2016
    risk 0.53cvss 8.1epss 0.00

    Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to…

  • CVE-2026-48165HigJun 12, 2026
    risk 0.52cvss 8.0epss 0.01

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or…

  • CVE-2026-48163HigJun 12, 2026
    risk 0.52cvss 8.0epss 0.01

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into…

  • CVE-2026-44168HigJun 12, 2026
    risk 0.52cvss 8.0epss 0.00

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into…

  • CVE-2017-15945HigOct 27, 2017
    risk 0.51cvss 7.8epss 0.00

    The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging…

  • CVE-2017-3309HigApr 24, 2017
    risk 0.50cvss 7.7epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network…

  • CVE-2017-3308HigApr 24, 2017
    risk 0.50cvss 7.7epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access…

  • CVE-2017-3302HigFeb 12, 2017
    risk 0.49cvss 7.5epss 0.05

    Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.

  • CVE-2016-6664HigDec 13, 2016
    risk 0.49cvss 7.0epss 0.03

    mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before…

  • CVE-2016-6663HigDec 13, 2016
    risk 0.49cvss 7.0epss 0.04

    Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and…

  • CVE-2016-3471HigJul 21, 2016
    risk 0.49cvss 7.5epss 0.00

    Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.

  • CVE-2026-32710HigMar 20, 2026
    risk 0.48cvss 8.5epss 0.01

    MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code…

  • CVE-2025-13699HigDec 23, 2025
    risk 0.46cvss 7.0epss 0.00

    MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability…

  • CVE-2017-3312MedJan 27, 2017
    risk 0.44cvss 6.7epss 0.00

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to…

  • CVE-2017-10378MedOct 19, 2017
    risk 0.43cvss 6.5epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2017-3600MedApr 24, 2017
    risk 0.43cvss 6.6epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network…

  • CVE-2017-3244MedJan 27, 2017
    risk 0.43cvss 6.5epss 0.04

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access…

  • CVE-2017-3238MedJan 27, 2017
    risk 0.43cvss 6.5epss 0.05

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2016-5626MedOct 25, 2016
    risk 0.43cvss 6.5epss 0.06

    Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

  • CVE-2016-5624MedOct 25, 2016
    risk 0.43cvss 6.5epss 0.05

    Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.

  • CVE-2016-5612MedOct 25, 2016
    risk 0.43cvss 6.5epss 0.03

    Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

  • CVE-2016-3492MedOct 25, 2016
    risk 0.43cvss 6.5epss 0.07

    Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

  • CVE-2016-3521MedJul 21, 2016
    risk 0.43cvss 6.5epss 0.06

    Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.

  • CVE-2026-35549MedApr 3, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because…

  • CVE-2022-0778HigMar 15, 2022
    risk 0.42cvss 7.5epss 0.71

    The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic…

  • CVE-2017-10384MedOct 19, 2017
    risk 0.42cvss 6.5epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2017-10379MedOct 19, 2017
    risk 0.42cvss 6.5epss 0.02

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2017-3453MedApr 24, 2017
    risk 0.42cvss 6.5epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network…

  • CVE-2017-3258MedJan 27, 2017
    risk 0.42cvss 6.5epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access…

  • CVE-2017-3257MedJan 27, 2017
    risk 0.42cvss 6.5epss 0.03

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols…

  • CVE-2016-0502MedJan 21, 2016
    risk 0.42cvss 6.5epss 0.03

    Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

  • CVE-2026-44171MedJun 12, 2026
    risk 0.41cvss 6.3epss 0.00

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper…

  • CVE-2017-3291MedJan 27, 2017
    risk 0.41cvss 6.3epss 0.00

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to…

  • CVE-2016-0640MedApr 21, 2016
    risk 0.40cvss 6.1epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.

  • CVE-2016-2047MedJan 27, 2016
    risk 0.39cvss 5.9epss 0.04

    The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname…

  • CVE-2015-7744MedJan 22, 2016
    risk 0.39cvss 5.9epss 0.05

    wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA…

  • CVE-2017-3265MedJan 27, 2017
    risk 0.37cvss 5.6epss 0.01

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to…

  • CVE-2016-7440MedDec 13, 2016
    risk 0.36cvss 5.5epss 0.00

    The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

  • CVE-2016-0666MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.

  • CVE-2016-0651MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.01

    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.

  • CVE-2016-0650MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.

  • CVE-2016-0649MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.

  • CVE-2016-0648MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.

  • CVE-2016-0647MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.02

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.

Page 1 of 7