MariaDB — ответвление от системы управления базами данных MySQL, разрабатываемое сообществом под лицензией GNU GPL.

Релизный цикл, информация об уязвимостях

Продукт: MariaDB

Вендор: mariadb

График релизов

Недавние уязвимости MariaDB

Количество 2 149

CVE-2016-6663

около 9 лет назад

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.

CVSS3: 7

EPSS: Низкий

CVE-2016-6664

около 9 лет назад

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.

CVSS3: 7

EPSS: Средний

CVE-2016-7440

около 9 лет назад

The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

CVSS3: 5.5

EPSS: Низкий

CVE-2016-7440

около 9 лет назад

The C software implementation of AES Encryption and Decryption in wolf ...

CVSS3: 5.5

EPSS: Низкий

CVE-2016-7440

около 9 лет назад

CVSS3: 5.5

EPSS: Низкий

CVE-2016-8283

больше 9 лет назад

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.

CVSS3: 4.3

EPSS: Низкий

CVE-2016-8283

больше 9 лет назад

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 a ...

CVSS3: 4.3

EPSS: Низкий

CVE-2016-5630

больше 9 лет назад

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

CVSS3: 4.9

EPSS: Низкий

CVE-2016-5630

больше 9 лет назад

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.1 ...

CVSS3: 4.9

EPSS: Низкий

CVE-2016-5629

больше 9 лет назад

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.

CVSS3: 4.9

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2016-6663 Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.	CVSS3: 7	3% Низкий	около 9 лет назад
CVE-2016-6664 mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.	CVSS3: 7	45% Средний	около 9 лет назад
CVE-2016-7440 The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.	CVSS3: 5.5	0% Низкий	около 9 лет назад
CVE-2016-7440 The C software implementation of AES Encryption and Decryption in wolf ...	CVSS3: 5.5	0% Низкий	около 9 лет назад
CVE-2016-7440 The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.	CVSS3: 5.5	0% Низкий	около 9 лет назад
CVE-2016-8283 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.	CVSS3: 4.3	0% Низкий	больше 9 лет назад
CVE-2016-8283 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 a ...	CVSS3: 4.3	0% Низкий	больше 9 лет назад
CVE-2016-5630 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.	CVSS3: 4.9	1% Низкий	больше 9 лет назад
CVE-2016-5630 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.1 ...	CVSS3: 4.9	1% Низкий	больше 9 лет назад
CVE-2016-5629 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.	CVSS3: 4.9	1% Низкий	больше 9 лет назад

Уязвимостей на страницу