Vulnerabilities > Mariadb > High

DATE CVE VULNERABILITY TITLE RISK
2022-02-18 CVE-2022-24050 Use After Free vulnerability in multiple products
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability.
local
low complexity
mariadb fedoraproject CWE-416
7.8
2022-02-18 CVE-2022-24051 Use of Externally-Controlled Format String vulnerability in multiple products
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability.
local
low complexity
mariadb fedoraproject CWE-134
7.8
2022-02-18 CVE-2022-24052 Heap-based Buffer Overflow vulnerability in multiple products
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability.
local
low complexity
mariadb fedoraproject CWE-122
7.8
2022-02-01 CVE-2021-46669 Use After Free vulnerability in multiple products
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
network
low complexity
mariadb fedoraproject debian CWE-416
7.5
2020-05-20 CVE-2020-13249 libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server.
network
low complexity
mariadb opensuse fedoraproject
8.8
2020-02-04 CVE-2020-7221 Improper Privilege Management vulnerability in Mariadb
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool.
local
low complexity
mariadb CWE-269
7.2
2018-01-25 CVE-2017-15365 sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
network
low complexity
fedoraproject mariadb percona
8.8
2018-01-18 CVE-2018-2612 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).
network
low complexity
oracle mariadb netapp canonical debian
7.5
2018-01-18 CVE-2018-2562 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition).
network
low complexity
oracle mariadb debian canonical netapp redhat
7.5
2017-10-27 CVE-2017-15945 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
local
low complexity
mariadb mysql gentoo CWE-732
7.2