Vulnerabilities > Mariadb > Mariadb > 10.3.24
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-21 | CVE-2021-2372 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.4 |
| 2021-07-21 | CVE-2021-2389 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 5.9 |
| 2021-05-27 | CVE-2020-15180 | Command Injection vulnerability in multiple products A flaw was found in the mysql-wsrep component of mariadb. | 9.0 |
| 2021-04-22 | CVE-2021-2194 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
| 2021-04-22 | CVE-2021-2166 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 4.9 |
| 2021-04-22 | CVE-2021-2154 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 4.9 |
| 2021-03-19 | CVE-2021-27928 | Code Injection vulnerability in multiple products A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. | 9.0 |
| 2020-12-24 | CVE-2020-28912 | Unspecified vulnerability in Mariadb With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. local mariadb | 4.4 |
| 2020-10-21 | CVE-2020-14812 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). | 4.9 |
| 2020-10-21 | CVE-2020-14789 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). | 4.9 |