Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mariadb
(Mariadb)| Repositories |
• https://github.com/MariaDB/server
• https://github.com/mysql/mysql-server • https://github.com/madler/zlib |
| #Vulnerabilities | 399 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2009-12-30 | CVE-2009-4484 | Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by... | Ubuntu_linux, Debian_linux, Mariadb, Mysql, Yassl | N/A | ||
| 2012-12-03 | CVE-2012-5615 | Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames. | Mariadb, Mysql | N/A | ||
| 2012-10-17 | CVE-2012-3173 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin. | Ubuntu_linux, Debian_linux, Mariadb, Mysql, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
| 2016-12-13 | CVE-2016-6664 | mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files. | Mariadb, Mysql, Percona_server, Xtradb_cluster | 7.0 | ||
| 2020-01-14 | CVE-2015-2326 | The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". | Mariadb, Opensuse, Pcre, Php | 5.5 | ||
| 2018-10-17 | CVE-2018-3174 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this... | Ubuntu_linux, Debian_linux, Mariadb, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql | 5.3 | ||
| 2018-10-17 | CVE-2018-3284 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability... | Ubuntu_linux, Mariadb, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql | 4.4 | ||
| 2018-04-19 | CVE-2018-2771 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0... | Ubuntu_linux, Debian_linux, Mariadb, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openstack | 4.4 | ||
| 2018-10-17 | CVE-2018-3282 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of... | Ubuntu_linux, Debian_linux, Mariadb, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 4.9 | ||
| 2022-04-12 | CVE-2022-27380 | An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | Debian_linux, Mariadb | 7.5 |