Count: 2 129

Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
SUSE-SU-2023:3712-1 Security update for mariadb | | 0% Low | more than 1 year ago |
SUSE-SU-2023:3174-1 Security update for mariadb | | 0% Low | almost 2 years ago |
SUSE-SU-2023:2991-1 Security update for mariadb | | 0% Low | almost 2 years ago |
SUSE-SU-2023:2835-1 Security update for mariadb | | 0% Low | almost 2 years ago |
SUSE-SU-2023:2479-1 Security update for mariadb | | 0% Low | about 2 years ago |
SUSE-SU-2023:2478-2 Security update for mariadb | | 0% Low | almost 2 years ago |
SUSE-SU-2023:2478-1 Security update for mariadb | | 0% Low | about 2 years ago |
SUSE-RU-2022:3855-1 Recommended update for mariadb | | 0% Low | more than 2 years ago |
GHSA-xmmc-5876-ffjc MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. | CVSS3: 7.5 | 0% Low | about 3 years ago |
GHSA-x653-r3p3-jh2f This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. | CVSS3: 7.8 | 0% Low | more than 3 years ago |
GHSA-x3qj-5vwp-jfh8 MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. | CVSS3: 7.5 | 0% Low | about 3 years ago |
GHSA-x3q7-35r8-p299 MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. | CVSS3: 7.5 | 0% Low | about 3 years ago |
GHSA-wrw9-g9r9-p9h2 MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. | CVSS3: 7.5 | 0% Low | more than 3 years ago |
GHSA-vx82-3vmh-hc4q MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. | CVSS3: 5.5 | 0% Low | about 3 years ago |
GHSA-vfrr-qwmc-g5r4 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. | CVSS3: 7.5 | 0% Low | about 3 years ago |
GHSA-vcx9-8fp4-h37w MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. | CVSS3: 9.8 | 0% Low | almost 3 years ago |
GHSA-v65w-qwp3-hm34 In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. | CVSS3: 5.5 | 0% Low | almost 3 years ago |
GHSA-qhvg-j82m-w264 MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. | CVSS3: 5.5 | 0% Low | more than 3 years ago |
GHSA-qcx8-8xph-pfh5 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. | CVSS3: 7.5 | 0% Low | almost 3 years ago |
GHSA-qcq9-cqmp-6vr3 MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. | CVSS3: 5.5 | 0% Low | about 3 years ago |