
CVE-2023-52968
https://notcve.org/view.php?id=CVE-2023-52968
08 Mar 2025 — MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash. • https://jira.mariadb.org/browse/MDEV-32082 • CWE-696: Incorrect Behavior Order •

CVE-2023-52969
https://notcve.org/view.php?id=CVE-2023-52969
08 Mar 2025 — MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2. • https://jira.mariadb.org/browse/MDEV-32083 • CWE-1038: Insecure Automated Optimizations •

CVE-2023-52970
https://notcve.org/view.php?id=CVE-2023-52970
08 Mar 2025 — MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where. • https://jira.mariadb.org/browse/MDEV-32086 • CWE-1038: Insecure Automated Optimizations •

CVE-2023-52971
https://notcve.org/view.php?id=CVE-2023-52971
08 Mar 2025 — MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan. • https://jira.mariadb.org/browse/MDEV-32084 • CWE-1038: Insecure Automated Optimizations •

CVE-2024-27766
https://notcve.org/view.php?id=CVE-2024-27766
17 Oct 2024 — An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. • https://github.com/Ant1sec-ops/CVE-2024-27766 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-39593
https://notcve.org/view.php?id=CVE-2023-39593
17 Oct 2024 — Insecure permissions in the sys_exec function of MariaDB v10.5 allow authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. • https://github.com/Ant1sec-ops/CVE-2023-39593 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-26785
https://notcve.org/view.php?id=CVE-2023-26785
17 Oct 2024 — MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. • https://github.com/Ant1sec-ops/CVE-2023-26785 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-5157 – Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6
https://notcve.org/view.php?id=CVE-2023-5157
26 Sep 2023 — A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Servi... • https://access.redhat.com/errata/RHSA-2023:5683 • CWE-400: Uncontrolled Resource Consumption •

CVE-2023-40354
https://notcve.org/view.php?id=CVE-2023-40354
14 Aug 2023 — An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08.8, and 23.02.3. • https://jira.mariadb.org/browse/MXS-4681 • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2022-47015 – mariadb: NULL pointer dereference in spider_db_mbase::print_warnings()
https://notcve.org/view.php?id=CVE-2022-47015
20 Jan 2023 — MariaDB Server before 10.3.34 through 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. • https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954 • CWE-476: NULL Pointer Dereference •