MariaDB — ответвление от системы управления базами данных MySQL, разрабатываемое сообществом под лицензией GNU GPL.
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 144
CVE-2022-32083
MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.
CVE-2022-27384
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
BDU:2022-06906
Уязвимость компонента Item_subselect::init_expr_cache_tracker СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании
CVE-2022-27380
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVE-2020-15180
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
CVE-2020-15180
A flaw was found in the mysql-wsrep component of mariadb. Lack of inpu ...
CVE-2020-15180
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
CVE-2021-46668
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
CVE-2021-46661
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
CVE-2021-46664
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2022-32083 MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. | CVSS3: 6.5 | 0% Низкий | около 4 лет назад |
| CVE-2022-27384 An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | CVSS3: 7.5 | 0% Низкий | около 4 лет назад |
 | BDU:2022-06906 Уязвимость компонента Item_subselect::init_expr_cache_tracker СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | около 4 лет назад |
| CVE-2022-27380 An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | CVSS3: 7.5 | 1% Низкий | около 4 лет назад |
 | CVE-2020-15180 A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6. | CVSS3: 9 | 5% Низкий | больше 4 лет назад |
| CVE-2020-15180 A flaw was found in the mysql-wsrep component of mariadb. Lack of inpu ... | CVSS3: 9 | 5% Низкий | больше 4 лет назад |
 | CVE-2020-15180 A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6. | CVSS3: 9 | 5% Низкий | больше 4 лет назад |
| CVE-2021-46668 MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. | CVSS3: 5.5 | 0% Низкий | больше 4 лет назад |
| CVE-2021-46661 MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). | CVSS3: 5.5 | 0% Низкий | больше 4 лет назад |
| CVE-2021-46664 MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. | CVSS3: 5.5 | 0% Низкий | больше 4 лет назад |
Уязвимостей на страницу