Vulnerabilities > Mariadb > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-01 | CVE-2021-46669 | Use After Free vulnerability in multiple products MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. | 7.5 |
2021-03-19 | CVE-2021-27928 | Code Injection vulnerability in multiple products A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. | 7.2 |
2020-12-24 | CVE-2020-28912 | Unspecified vulnerability in Mariadb With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. | 7.0 |
2020-05-20 | CVE-2020-13249 | libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. | 8.8 |
2020-02-04 | CVE-2020-7221 | Link Following vulnerability in Mariadb mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. | 7.8 |
2020-01-14 | CVE-2015-2325 | Out-of-bounds Write vulnerability in multiple products The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. | 7.8 |
2018-07-18 | CVE-2018-3064 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). | 7.1 |
2018-06-04 | CVE-2017-16046 | Unspecified vulnerability in Mariadb 2.13.0 `mariadb` was a malicious module published with the intent to hijack environment variables. | 7.5 |
2018-04-19 | CVE-2018-2755 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). | 7.7 |
2018-01-25 | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. | 8.8 |