Логотип exploitDog
product: "mariadb"
Консоль
Логотип exploitDog

exploitDog

product: "mariadb"
MariaDB

MariaDBответвление от системы управления базами данных MySQL, разрабатываемое сообществом под лицензией GNU GPL.

Релизный цикл, информация об уязвимостях

Продукт: MariaDB
Вендор: mariadb

График релизов

10.610.710.810.910.1010.1111.011.111.211.311.411.511.611.711.82021202220232024202520262027202820292030

Недавние уязвимости MariaDB

Количество 2 144

ubuntu логотип

CVE-2023-26785

10 месяцев назад

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVSS3: 9.8
EPSS: Средний
ubuntu логотип

CVE-2024-27766

10 месяцев назад

An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVSS3: 5.7
EPSS: Средний
redhat логотип

CVE-2024-27766

10 месяцев назад

An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVSS3: 5.5
EPSS: Средний
redhat логотип

CVE-2023-26785

10 месяцев назад

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVSS3: 5.5
EPSS: Средний
redhat логотип

CVE-2023-39593

10 месяцев назад

Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVSS3: 5.5
EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2024:1922-1

около 1 года назад

Security update for mariadb104

EPSS: Низкий
fstec логотип

BDU:2024-08763

больше 1 года назад

Уязвимость библиотеки lib_mysqludf_sys.so системы управления базами данных MariaDB, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

CVSS3: 5.7
EPSS: Средний
suse-cvrf логотип

SUSE-SU-2023:4908-1

больше 1 года назад

Security update for mariadb

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2023:4907-1

больше 1 года назад

Security update for mariadb

EPSS: Низкий
github логотип

GHSA-65rf-4p7c-6rj9

почти 2 года назад

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.9
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
ubuntu логотип
CVE-2023-26785

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVSS3: 9.8
14%
Средний
10 месяцев назад
ubuntu логотип
CVE-2024-27766

An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVSS3: 5.7
17%
Средний
10 месяцев назад
redhat логотип
CVE-2024-27766

An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVSS3: 5.5
17%
Средний
10 месяцев назад
redhat логотип
CVE-2023-26785

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVSS3: 5.5
14%
Средний
10 месяцев назад
redhat логотип
CVE-2023-39593

Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVSS3: 5.5
1%
Низкий
10 месяцев назад
suse-cvrf логотип
SUSE-SU-2024:1922-1

Security update for mariadb104

1%
Низкий
около 1 года назад
fstec логотип
BDU:2024-08763

Уязвимость библиотеки lib_mysqludf_sys.so системы управления базами данных MariaDB, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

CVSS3: 5.7
17%
Средний
больше 1 года назад
suse-cvrf логотип
SUSE-SU-2023:4908-1

Security update for mariadb

1%
Низкий
больше 1 года назад
suse-cvrf логотип
SUSE-SU-2023:4907-1

Security update for mariadb

1%
Низкий
больше 1 года назад
github логотип
GHSA-65rf-4p7c-6rj9

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.9
1%
Низкий
почти 2 года назад

Уязвимостей на страницу


Поделиться