MariaDB — ответвление от системы управления базами данных MySQL, разрабатываемое сообществом под лицензией GNU GPL.
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 144

CVE-2023-26785
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVE-2024-27766
An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVE-2024-27766
An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVE-2023-26785
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVE-2023-39593
Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

SUSE-SU-2024:1922-1
Security update for mariadb104

BDU:2024-08763
Уязвимость библиотеки lib_mysqludf_sys.so системы управления базами данных MariaDB, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

SUSE-SU-2023:4908-1
Security update for mariadb

SUSE-SU-2023:4907-1
Security update for mariadb
GHSA-65rf-4p7c-6rj9
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
---|---|---|---|---|
![]() | CVE-2023-26785 MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. | CVSS3: 9.8 | 14% Средний | 10 месяцев назад |
![]() | CVE-2024-27766 An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. | CVSS3: 5.7 | 17% Средний | 10 месяцев назад |
![]() | CVE-2024-27766 An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. | CVSS3: 5.5 | 17% Средний | 10 месяцев назад |
![]() | CVE-2023-26785 MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. | CVSS3: 5.5 | 14% Средний | 10 месяцев назад |
![]() | CVE-2023-39593 Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. | CVSS3: 5.5 | 1% Низкий | 10 месяцев назад |
![]() | SUSE-SU-2024:1922-1 Security update for mariadb104 | 1% Низкий | около 1 года назад | |
![]() | BDU:2024-08763 Уязвимость библиотеки lib_mysqludf_sys.so системы управления базами данных MariaDB, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код | CVSS3: 5.7 | 17% Средний | больше 1 года назад |
![]() | SUSE-SU-2023:4908-1 Security update for mariadb | 1% Низкий | больше 1 года назад | |
![]() | SUSE-SU-2023:4907-1 Security update for mariadb | 1% Низкий | больше 1 года назад | |
GHSA-65rf-4p7c-6rj9 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | CVSS3: 4.9 | 1% Низкий | почти 2 года назад |
Уязвимостей на страницу