This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Mariadb
Product: Mariadb
Version: 5.1.42
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
First view: 2012-06-26
Last view: 2020-02-04
Type: Application
 
CPE Product cpe:2.3:a:mariadb:mariadb

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
CVSS Date Alert Description
7.8 2020-02-04 CVE-2020-7221

mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently.

8.8 2018-01-25 CVE-2017-15365

sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.

7.8 2017-10-27 CVE-2017-15945

The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.

7.5 2017-02-11 CVE-2017-3302

Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.

7 2016-12-13 CVE-2016-6663

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.

4.3 2016-10-25 CVE-2016-8283

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.

4.9 2016-10-25 CVE-2016-5635

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.

4.9 2016-10-25 CVE-2016-5634

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR.

4.9 2016-10-25 CVE-2016-5633

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290.

4.9 2016-10-25 CVE-2016-5632

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.

4.9 2016-10-25 CVE-2016-5631

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.

4.9 2016-10-25 CVE-2016-5630

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

4.9 2016-10-25 CVE-2016-5629

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.

4.9 2016-10-25 CVE-2016-5628

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.

6.5 2016-10-25 CVE-2016-5627

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.

6.5 2016-10-25 CVE-2016-5626

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

7 2016-10-25 CVE-2016-5625

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging.

6.5 2016-10-25 CVE-2016-5612

Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

6.5 2016-10-25 CVE-2016-5609

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4.4 2016-10-25 CVE-2016-5584

Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.

4.9 2016-10-25 CVE-2016-5507

Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

4.9 2016-10-25 CVE-2016-3495

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

6.5 2016-10-25 CVE-2016-3492

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

9.8 2016-09-20 CVE-2016-6662

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

3.7 2016-07-21 CVE-2016-5444

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.

CWE : Common Weakness Enumeration

% id Name
23% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
7% (1) CWE-732 Incorrect Permission Assignment for Critical Resource
7% (1) CWE-416 Use After Free
7% (1) CWE-362 Race Condition
7% (1) CWE-287 Improper Authentication
7% (1) CWE-284 Access Control (Authorization) Issues
7% (1) CWE-269 Improper Privilege Management
7% (1) CWE-264 Permissions, Privileges, and Access Controls
7% (1) CWE-254 Security Features
7% (1) CWE-200 Information Exposure
7% (1) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...

OpenVAS Exploits

Date Description
2013-09-18 Name : Debian Security Advisory DSA 2581-1 (mysql-5.1 - several vulnerabilities)
File : nvt/deb_2581_1.nasl
2012-12-26 Name : Fedora Update for mysql FEDORA-2012-19823
File : nvt/gb_fedora_2012_19823_mysql_fc16.nasl
2012-12-18 Name : Fedora Update for mysql FEDORA-2012-19833
File : nvt/gb_fedora_2012_19833_mysql_fc17.nasl
2012-12-13 Name : SuSE Update for mysql openSUSE-SU-2012:0860-1 (mysql)
File : nvt/gb_suse_2012_0860_1.nasl
2012-12-11 Name : Ubuntu Update for mysql-5.5 USN-1658-1
File : nvt/gb_ubuntu_USN_1658_1.nasl
2012-12-10 Name : CentOS Update for mysql CESA-2012:1551 centos6
File : nvt/gb_CESA-2012_1551_mysql_centos6.nasl
2012-12-10 Name : RedHat Update for mysql RHSA-2012:1551-01
File : nvt/gb_RHSA-2012_1551-01_mysql.nasl
2012-12-10 Name : Mandriva Update for mysql MDVSA-2012:178 (mysql)
File : nvt/gb_mandriva_MDVSA_2012_178.nasl
2012-08-30 Name : Fedora Update for mysql FEDORA-2012-9308
File : nvt/gb_fedora_2012_9308_mysql_fc17.nasl
2012-08-10 Name : Debian Security Advisory DSA 2496-1 (mysql-5.1)
File : nvt/deb_2496_1.nasl
2012-06-28 Name : Fedora Update for mysql FEDORA-2012-9324
File : nvt/gb_fedora_2012_9324_mysql_fc16.nasl
2012-06-15 Name : Ubuntu Update for mysql-5.5 USN-1467-1
File : nvt/gb_ubuntu_USN_1467_1.nasl
2012-06-11 Name : MySQL Authentication Bypass
File : nvt/mysql_auth_bypas_cve_2012_2122.nasl

Snort® IPS/IDS

Date Description
2020-01-14 MySQL/MariaDB Server geometry query envelope object integer overflow attempt
RuleID : 52423 - Type : SERVER-MYSQL - Revision : 1
2017-11-30 MySQL/MariaDB Server geometry query integer overflow attempt
RuleID : 44674 - Type : SERVER-MYSQL - Revision : 2
2016-10-25 Multiple SQL products privilege escalation attempt
RuleID : 40254 - Type : SERVER-MYSQL - Revision : 2
2016-10-25 Multiple SQL products privilege escalation attempt
RuleID : 40253 - Type : SERVER-MYSQL - Revision : 2
2015-03-31 MySQL/MariaDB Server geometry query object integer overflow attempt
RuleID : 33637 - Type : SERVER-MYSQL - Revision : 4
2014-11-16 MySQL/MariaDB mysql.cc buffer overflow attempt
RuleID : 31570 - Type : SERVER-MYSQL - Revision : 3
2014-01-10 MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt
RuleID : 26313 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query multistring object integer overflow attempt
RuleID : 26312 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query polygon object integer overflow attempt
RuleID : 26311 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query linestring object integer overflow attempt
RuleID : 26310 - Type : SERVER-MYSQL - Revision : 6
2014-01-10 MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt
RuleID : 26309 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query multistring object integer overflow attempt
RuleID : 26308 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query polygon object integer overflow attempt
RuleID : 26307 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query linestring object integer overflow attempt
RuleID : 26306 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt
RuleID : 26305 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query multistring object integer overflow attempt
RuleID : 26304 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query polygon object integer overflow attempt
RuleID : 26303 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query linestring object integer overflow attempt
RuleID : 26302 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt
RuleID : 26301 - Type : SERVER-MYSQL - Revision : 6
2014-01-10 MySQL/MariaDB Server geometry query multistring object integer overflow attempt
RuleID : 26300 - Type : SERVER-MYSQL - Revision : 6
2014-01-10 MySQL/MariaDB Server geometry query polygon object integer overflow attempt
RuleID : 26299 - Type : SERVER-MYSQL - Revision : 6
2014-01-10 Oracle MySQL grant file long database name stack overflow attempt
RuleID : 24897 - Type : SERVER-MYSQL - Revision : 5
2014-01-10 MySQL/MariaDB client authentication bypass attempt
RuleID : 23115 - Type : SERVER-MYSQL - Revision : 8

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2018-11-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4341.nasl - Type: ACT_GATHER_INFO
2018-08-21 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL73828041.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL16845.nasl - Type: ACT_GATHER_INFO
2018-08-15 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL53729441.nasl - Type: ACT_GATHER_INFO
2018-01-24 Name: The remote Fedora host is missing a security update.
File: fedora_2018-0d6a80f496.nasl - Type: ACT_GATHER_INFO
2017-12-26 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b7d89082e7c011e7ac58b499baebfeaf.nasl - Type: ACT_GATHER_INFO
2017-12-07 Name: The remote database server is affected by multiple vulnerabilities.
File: mariadb_10_2_10.nasl - Type: ACT_GATHER_INFO
2017-11-13 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201711-04.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1169.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1170.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1079.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-2192.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170801_mariadb_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-2192.nasl - Type: ACT_GATHER_INFO
2017-08-03 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2192.nasl - Type: ACT_GATHER_INFO
2017-07-13 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-0184.nasl - Type: ACT_GATHER_INFO
2017-06-05 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-644.nasl - Type: ACT_GATHER_INFO
2017-05-17 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1311-1.nasl - Type: ACT_GATHER_INFO
2017-05-17 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1315-1.nasl - Type: ACT_GATHER_INFO
2017-05-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-555.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1011.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1035.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1062.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1137-1.nasl - Type: ACT_GATHER_INFO
2017-04-28 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3269-1.nasl - Type: ACT_GATHER_INFO