Vulnerabilities > Mariadb > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-08 CVE-2017-3636 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs).
local
low complexity
oracle debian redhat mariadb
4.6
2017-08-05 CVE-2017-12419 Information Exposure vulnerability in Mantisbt 2.5.2
If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in php.ini mysqli.allow_local_infile, or the MySQL client config file, depending on the PHP setup), an attacker may take advantage of MySQL's "connect file read" feature to remotely access files on the MantisBT server.
network
low complexity
mantisbt mariadb mysql CWE-200
4.0
2017-04-24 CVE-2017-3600 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). 6.0
2017-04-24 CVE-2017-3464 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).
network
low complexity
oracle debian redhat mariadb
4.0
2017-04-24 CVE-2017-3456 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).
network
low complexity
oracle debian mariadb redhat
4.0
2017-04-24 CVE-2017-3453 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
network
low complexity
oracle debian mariadb redhat
4.0
2017-04-24 CVE-2017-3309 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
network
low complexity
oracle debian mariadb redhat
4.0
2017-04-24 CVE-2017-3308 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).
network
low complexity
oracle debian mariadb redhat
4.0
2017-02-12 CVE-2017-3302 Use After Free vulnerability in multiple products
Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.
network
low complexity
oracle mariadb debian redhat CWE-416
5.0
2017-01-27 CVE-2017-3318 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling).
local
high complexity
oracle debian redhat mariadb
4.0