Summary
| Detail | |||
|---|---|---|---|
| Vendor | Mariadb | First view | 2005-04-14 |
| Product | Mariadb | Last view | 2023-09-27 |
| Version | 5.2.14 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:mariadb:mariadb | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2023-09-27 | CVE-2023-5157 | A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. |
| 6.5 | 2023-01-20 | CVE-2022-47015 | MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. |
| 4.4 | 2022-10-18 | CVE-2022-21595 | Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 5.5 | 2022-08-27 | CVE-2022-38791 | In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. |
| 7.5 | 2022-07-01 | CVE-2022-32091 | MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. |
| 7.5 | 2022-07-01 | CVE-2022-32089 | MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. |
| 7.5 | 2022-07-01 | CVE-2022-32088 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. |
| 7.5 | 2022-07-01 | CVE-2022-32087 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. |
| 7.5 | 2022-07-01 | CVE-2022-32086 | MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. |
| 7.5 | 2022-07-01 | CVE-2022-32085 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. |
| 7.5 | 2022-07-01 | CVE-2022-32084 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. |
| 7.5 | 2022-07-01 | CVE-2022-32083 | MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. |
| 7.5 | 2022-07-01 | CVE-2022-32082 | MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. |
| 7.5 | 2022-07-01 | CVE-2022-32081 | MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. |
| 5.5 | 2022-05-25 | CVE-2022-31624 | MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
| 5.5 | 2022-05-25 | CVE-2022-31623 | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. |
| 5.5 | 2022-05-25 | CVE-2022-31622 | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. |
| 5.5 | 2022-05-25 | CVE-2022-31621 | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. |
| 4.4 | 2022-04-19 | CVE-2022-21451 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 4.9 | 2022-04-19 | CVE-2022-21427 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 7.5 | 2022-04-14 | CVE-2022-27457 | MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. |
| 7.5 | 2022-04-14 | CVE-2022-27456 | MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. |
| 7.5 | 2022-04-14 | CVE-2022-27455 | MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. |
| 7.5 | 2022-04-14 | CVE-2022-27452 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. |
| 7.5 | 2022-04-14 | CVE-2022-27451 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 19% (12) | CWE-416 | Use After Free |
| 11% (7) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 8% (5) | CWE-667 | Insufficient Locking |
| 6% (4) | CWE-617 | Reachable Assertion |
| 6% (4) | CWE-476 | NULL Pointer Dereference |
| 4% (3) | CWE-787 | Out-of-bounds Write |
| 4% (3) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 4% (3) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 3% (2) | CWE-362 | Race Condition |
| 3% (2) | CWE-125 | Out-of-bounds Read |
| 3% (2) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 1% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 1% (1) | CWE-522 | Insufficiently Protected Credentials |
| 1% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 1% (1) | CWE-326 | Inadequate Encryption Strength |
| 1% (1) | CWE-295 | Certificate Issues |
| 1% (1) | CWE-269 | Improper Privilege Management |
| 1% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 1% (1) | CWE-254 | Security Features |
| 1% (1) | CWE-190 | Integer Overflow or Wraparound |
| 1% (1) | CWE-134 | Uncontrolled Format String |
| 1% (1) | CWE-122 | Heap-based Buffer Overflow |
| 1% (1) | CWE-121 | Stack-based Buffer Overflow |
| 1% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 1% (1) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 13013 | MySQL mysqlaccess.sh Symlink Arbitrary File Manipulation |
OpenVAS Exploits
| id | Description |
|---|---|
| 2013-09-18 | Name : Debian Security Advisory DSA 2581-1 (mysql-5.1 - several vulnerabilities) File : nvt/deb_2581_1.nasl |
| 2012-11-26 | Name : Oracle MySQL Server Multiple Vulnerabilities-01 Nov12 (Windows) File : nvt/gb_oracle_mysql_multiple_vuln01_nov12_win.nasl |
| 2012-11-26 | Name : Oracle MySQL Server Multiple Vulnerabilities-02 Nov12 (Windows) File : nvt/gb_oracle_mysql_multiple_vuln02_nov12_win.nasl |
| 2012-11-26 | Name : Oracle MySQL Server Multiple Vulnerabilities-03 Nov12 (Windows) File : nvt/gb_oracle_mysql_multiple_vuln03_nov12_win.nasl |
| 2012-11-15 | Name : CentOS Update for mysql CESA-2012:1462 centos6 File : nvt/gb_CESA-2012_1462_mysql_centos6.nasl |
| 2012-11-15 | Name : RedHat Update for mysql RHSA-2012:1462-01 File : nvt/gb_RHSA-2012_1462-01_mysql.nasl |
| 2012-11-06 | Name : Ubuntu Update for mysql-5.5 USN-1621-1 File : nvt/gb_ubuntu_USN_1621_1.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2496-1 (mysql-5.1) File : nvt/deb_2496_1.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-33 (mysql) File : nvt/glsa_200501_33.nasl |
| 2008-09-04 | Name : FreeBSD Ports: mysql-scripts File : nvt/freebsd_mysql-scripts.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 647-1 (mysql) File : nvt/deb_647_1.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0155 | Multiple Vulnerabilities in Oracle MySQL Product Suite Severity: Category I - VMSKEY: V0061083 |
| 2015-A-0113 | Multiple Vulnerabilities in Juniper Networks CTPOS Severity: Category I - VMSKEY: V0060737 |
| 2014-A-0172 | Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform Severity: Category I - VMSKEY: V0057381 |
| 2014-B-0103 | Multiple Vulnerabilities in VMware Horizon View Client Severity: Category I - VMSKEY: V0053509 |
| 2014-B-0102 | Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.5 Severity: Category I - VMSKEY: V0053507 |
| 2014-B-0101 | Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.1 Severity: Category I - VMSKEY: V0053505 |
| 2014-A-0115 | Multiple Vulnerabilities in VMware Horizon View Severity: Category I - VMSKEY: V0053501 |
| 2014-B-0097 | Multiple Vulnerabilities in VMware ESXi 5.0 Severity: Category I - VMSKEY: V0053319 |
| 2014-A-0099 | Multiple Vulnerabilities in McAfee Email Gateway Severity: Category I - VMSKEY: V0053203 |
| 2014-A-0100 | Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux Severity: Category I - VMSKEY: V0053201 |
| 2014-A-0103 | Multiple Vulnerabilities in Oracle E-Business Severity: Category I - VMSKEY: V0053195 |
| 2014-A-0106 | Multiple Vulnerabilities in Oracle MySQL Product Suite Severity: Category I - VMSKEY: V0053189 |
| 2014-A-0109 | Multiple Vulnerabilities in VMware Fusion Severity: Category I - VMSKEY: V0053183 |
| 2014-A-0110 | Multiple Vulnerabilities in VMware Player Severity: Category I - VMSKEY: V0053181 |
| 2014-A-0111 | Multiple Vulnerabilities in VMware Workstation Severity: Category I - VMSKEY: V0053179 |
| 2014-B-0095 | Multiple Vulnerabilities in Splunk Severity: Category I - VMSKEY: V0053177 |
| 2014-B-0088 | Multiple Vulnerabilities in VMware ESXi 5.5 Severity: Category I - VMSKEY: V0052911 |
| 2014-B-0089 | Multiple Vulnerabilities in VMware ESXi 5.1 Severity: Category I - VMSKEY: V0052909 |
| 2014-B-0091 | Multiple Vulnerabilities in VMware vCenter Update Manager 5.5 Severity: Category I - VMSKEY: V0052907 |
| 2014-B-0084 | HP Onboard Administrator Information Disclosure Vulnerability Severity: Category I - VMSKEY: V0052901 |
| 2014-B-0085 | Multiple Vulnerabilities in HP System Management Homepage (SMH) Severity: Category I - VMSKEY: V0052899 |
| 2014-B-0092 | Multiple Vulnerabilities in VMware vSphere Client 5.5 Severity: Category I - VMSKEY: V0052893 |
| 2014-A-0089 | Multiple Vulnerabilities in Juniper Pulse Secure Access Service (IVE) Severity: Category I - VMSKEY: V0052805 |
| 2014-B-0079 | Multiple Vulnerabilities in IBM AIX Severity: Category I - VMSKEY: V0052641 |
| 2014-B-0078 | Multiple Vulnerabilities in Blue Coat ProxySG Severity: Category I - VMSKEY: V0052639 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-02-25 | OpenSSL anonymous ECDH denial of service attempt RuleID : 52626 - Type : SERVER-OTHER - Revision : 1 |
| 2020-02-25 | OpenSSL anonymous ECDH denial of service attempt RuleID : 52625 - Type : SERVER-OTHER - Revision : 1 |
| 2020-01-21 | OpenSSL SSL ChangeCipherSpec man-in-the-middle attempt RuleID : 52487 - Type : SERVER-OTHER - Revision : 1 |
| 2020-01-14 | MySQL/MariaDB Server geometry query envelope object integer overflow attempt RuleID : 52423 - Type : SERVER-MYSQL - Revision : 1 |
| 2017-11-30 | MySQL/MariaDB Server geometry query integer overflow attempt RuleID : 44674 - Type : SERVER-MYSQL - Revision : 2 |
| 2016-10-25 | Multiple SQL products privilege escalation attempt RuleID : 40254 - Type : SERVER-MYSQL - Revision : 2 |
| 2016-10-25 | Multiple SQL products privilege escalation attempt RuleID : 40253 - Type : SERVER-MYSQL - Revision : 2 |
| 2016-03-14 | Hunter exploit kit landing page detected RuleID : 36543 - Type : EXPLOIT-KIT - Revision : 2 |
| 2015-03-31 | MySQL/MariaDB Server geometry query object integer overflow attempt RuleID : 33637 - Type : SERVER-MYSQL - Revision : 4 |
| 2014-12-16 | Oracle MySQL Server XPath memory Corruption attempt RuleID : 32533 - Type : SERVER-MYSQL - Revision : 2 |
| 2014-11-16 | MySQL/MariaDB mysql.cc buffer overflow attempt RuleID : 31570 - Type : SERVER-MYSQL - Revision : 3 |
| 2014-11-16 | OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31484 - Type : SERVER-OTHER - Revision : 3 |
| 2014-11-16 | OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31483 - Type : SERVER-OTHER - Revision : 3 |
| 2014-11-16 | OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31482 - Type : SERVER-OTHER - Revision : 3 |
| 2014-11-16 | OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31481 - Type : SERVER-OTHER - Revision : 3 |
| 2014-11-16 | OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31480 - Type : SERVER-OTHER - Revision : 3 |
| 2014-11-16 | OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31479 - Type : SERVER-OTHER - Revision : 3 |
| 2014-11-16 | OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31478 - Type : SERVER-OTHER - Revision : 3 |
| 2014-11-16 | OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31477 - Type : SERVER-OTHER - Revision : 3 |
| 2014-11-16 | OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt RuleID : 31361 - Type : SERVER-OTHER - Revision : 4 |
| 2014-11-16 | OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt RuleID : 31182 - Type : SERVER-OTHER - Revision : 2 |
| 2014-07-05 | OpenSSL DTLS handshake recursion denial of service attempt RuleID : 31181 - Type : SERVER-OTHER - Revision : 9 |
| 2014-07-05 | OpenSSL DTLS handshake recursion denial of service attempt RuleID : 31180 - Type : SERVER-OTHER - Revision : 7 |
| 2014-01-10 | MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt RuleID : 26313 - Type : SERVER-MYSQL - Revision : 5 |
| 2014-01-10 | MySQL/MariaDB Server geometry query multistring object integer overflow attempt RuleID : 26312 - Type : SERVER-MYSQL - Revision : 5 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_6_43.nasl - Type: ACT_GATHER_INFO |
| 2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_7_25.nasl - Type: ACT_GATHER_INFO |
| 2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_8_0_14.nasl - Type: ACT_GATHER_INFO |
| 2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO |
| 2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_5_5_42.nasl - Type: ACT_GATHER_INFO |
| 2019-01-07 | Name: The remote EulerOS Virtualization host is missing a security update. File: EulerOS_SA-2019-1001.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-00e90783d2.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-242f6c1a41.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-2513b888a4.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-55b875c1ac.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-77e610115a.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-83bbd0c22f.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-b4820696e1.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-c82fc3e109.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-f67fda3db6.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1114.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1115.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1116.nasl - Type: ACT_GATHER_INFO |
| 2018-11-27 | Name: The remote Fedora host is missing a security update. File: fedora_2018-192148f4ff.nasl - Type: ACT_GATHER_INFO |
| 2018-11-27 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4ae94c8deb.nasl - Type: ACT_GATHER_INFO |
| 2018-11-20 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4341.nasl - Type: ACT_GATHER_INFO |
| 2018-11-08 | Name: The remote Debian host is missing a security update. File: debian_DLA-1570.nasl - Type: ACT_GATHER_INFO |
| 2018-11-06 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2018-309-01.nasl - Type: ACT_GATHER_INFO |
| 2018-11-06 | Name: The remote Debian host is missing a security update. File: debian_DLA-1566.nasl - Type: ACT_GATHER_INFO |
| 2018-10-26 | Name: The remote EulerOS Virtualization host is missing multiple security updates. File: EulerOS_SA-2018-1337.nasl - Type: ACT_GATHER_INFO |
