MariaDB

All CVEs

334 total · sorted by risk
  • CVE-2012-5627 · Oct 1, 2013
    risk 0.04 · cvss · epss 0.11

    Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 do not modify the salt during multiple executions of the change_user command within the same connection, which makes it easier for remote authenticated users to conduct brute force…

  • CVE-2013-1861 · Mar 28, 2013
    risk 0.04 · cvss · epss 0.19

    MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that…

  • CVE-2012-5615 · Dec 3, 2012
    risk 0.04 · cvss · epss 0.15

    Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid…

  • CVE-2012-5614 · Dec 3, 2012
    risk 0.04 · cvss · epss 0.13

    Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique,…

  • CVE-2010-5298 · Apr 14, 2014
    risk 0.03 · cvss · epss 0.34

    Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a…

  • CVE-2024-27766 · Oct 17, 2024
    risk 0.02 · cvss · epss 0.01

    An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

  • CVE-2016-0505 · Jan 21, 2016
    risk 0.01 · cvss · epss 0.08

    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.

  • CVE-2015-4816 · Oct 21, 2015
    risk 0.01 · cvss · epss 0.07

    Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

  • CVE-2015-4757 · Jul 16, 2015
    risk 0.01 · cvss · epss 0.07

    Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

  • CVE-2015-2568 · Apr 16, 2015
    risk 0.01 · cvss · epss 0.07

    Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

  • CVE-2015-0501 · Apr 16, 2015
    risk 0.01 · cvss · epss 0.10

    Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.

  • CVE-2015-0411 · Jan 21, 2015
    risk 0.01 · cvss · epss 0.10

    Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.

  • CVE-2015-0391 · Jan 21, 2015
    risk 0.01 · cvss · epss 0.07

    Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

  • CVE-2015-0382 · Jan 21, 2015
    risk 0.01 · cvss · epss 0.10

    Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.

  • CVE-2014-6568 · Jan 21, 2015
    risk 0.01 · cvss · epss 0.07

    Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.

  • CVE-2014-8964 · Dec 16, 2014
    risk 0.01 · cvss · epss 0.07

    Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

  • CVE-2014-6507 · Oct 15, 2014
    risk 0.01 · cvss · epss 0.07

    Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.

  • CVE-2014-0001 · Jan 31, 2014
    risk 0.01 · cvss · epss 0.06

    Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

  • CVE-2025-56404 · Sep 10, 2025
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation.

  • CVE-2023-39593 · Oct 17, 2024
    risk 0.00 · cvss · epss 0.01

    Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

  • CVE-2023-5157 · Sep 26, 2023
    risk 0.00 · cvss · epss 0.02

    A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.

  • CVE-2023-40354 · Aug 14, 2023
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are…

  • CVE-2022-47015 · Jan 20, 2023
    risk 0.00 · cvss · epss 0.01

    MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.

  • CVE-2022-38791 · Aug 27, 2022
    risk 0.00 · cvss · epss 0.00

    In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.

  • CVE-2022-32088 · Jul 1, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.

  • CVE-2022-32087 · Jul 1, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.

  • CVE-2022-32086 · Jul 1, 2022
    risk 0.00 · cvss · epss 0.01

    MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.

  • CVE-2022-32085 · Jul 1, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.

  • CVE-2022-32083 · Jul 1, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.

  • CVE-2022-32091 · Jul 1, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.

  • CVE-2022-32089 · Jul 1, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.

  • CVE-2022-32081 · Jul 1, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

  • CVE-2022-32084 · Jul 1, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.

  • CVE-2022-32082 · Jul 1, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.

  • CVE-2022-31624 · May 25, 2022
    risk 0.00 · cvss · epss 0.00

    MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

  • CVE-2022-31622 · May 25, 2022
    risk 0.00 · cvss · epss 0.00

    MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users…

  • CVE-2022-31621 · May 25, 2022
    risk 0.00 · cvss · epss 0.00

    MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a…

  • CVE-2022-31623 · May 25, 2022
    risk 0.00 · cvss · epss 0.00

    MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local…

  • CVE-2022-27456 · Apr 14, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component VDec::VDec at /sql/sql_type.cc.

  • CVE-2022-27457 · Apr 14, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.

  • CVE-2022-27455 · Apr 14, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.

  • CVE-2022-27451 · Apr 14, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.

  • CVE-2022-27452 · Apr 14, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.

  • CVE-2022-27448 · Apr 14, 2022
    risk 0.00 · cvss · epss 0.02

    There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.

  • CVE-2022-27449 · Apr 14, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.

  • CVE-2022-27447 · Apr 14, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.

  • CVE-2022-27446 · Apr 14, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.

  • CVE-2022-27445 · Apr 14, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.

  • CVE-2022-27444 · Apr 14, 2022
    risk 0.00 · cvss · epss 0.01

    MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.

  • CVE-2022-27387 · Apr 12, 2022
    risk 0.00 · cvss · epss 0.02

    MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.

Page 3 of 7