Vulnerabilities > Mariadb

DATE CVE VULNERABILITY TITLE RISK
2020-04-15 CVE-2020-2752 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API).
network
high complexity
oracle mariadb fedoraproject opensuse netapp
5.3
2020-02-04 CVE-2020-7221 Link Following vulnerability in Mariadb
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool.
local
low complexity
mariadb CWE-59
7.8
2020-01-15 CVE-2020-2574 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API).
network
high complexity
oracle mariadb netapp canonical opensuse
5.9
2020-01-14 CVE-2015-2326 Out-of-bounds Read vulnerability in multiple products
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
local
low complexity
pcre opensuse mariadb php CWE-125
5.5
2020-01-14 CVE-2015-2325 Out-of-bounds Write vulnerability in multiple products
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
local
low complexity
pcre opensuse mariadb php CWE-787
7.8
2019-10-16 CVE-2019-2974 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
network
low complexity
oracle mariadb canonical fedoraproject opensuse
6.5
2019-10-16 CVE-2019-2938 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). 4.4
2019-07-23 CVE-2019-2805 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). 6.5
2019-07-23 CVE-2019-2758 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).
network
low complexity
oracle canonical mariadb
5.5
2019-07-23 CVE-2019-2740 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). 6.5