Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:mariadb:mariadb:5.3.1:*:*:*:*:*:*:*
There are 32 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-28912

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. This affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 10.3.x before 10.3.26, 10.4.x before 10.4.16, and 10.5.x before 10.5.7. NOTE: this issue exists because certain details of the MariaDB CVE-2019-2503 fix did not comprehensively address attack variants against MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912 does NOT apply to other vendors that were originally affected by CVE-2019-2503.

Published: December 24, 2020; 3:15:12 PM -0500
V3.1: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2017-15365

sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.

Published: January 25, 2018; 11:29:00 AM -0500
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-15945

The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.

Published: October 27, 2017; 5:29:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2017-3302

Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.

Published: February 11, 2017; 11:59:00 PM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-6664

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.

Published: December 13, 2016; 4:59:01 PM -0500
V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2016-5635

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.

Published: October 25, 2016; 10:31:51 AM -0400
V3.0: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-5634

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR.

Published: October 25, 2016; 10:31:50 AM -0400
V3.0: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-5633

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290.

Published: October 25, 2016; 10:31:49 AM -0400
V3.0: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-5632

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.

Published: October 25, 2016; 10:31:48 AM -0400
V3.0: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-5631

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.

Published: October 25, 2016; 10:31:46 AM -0400
V3.0: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-5628

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.

Published: October 25, 2016; 10:31:43 AM -0400
V3.0: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-5625

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging.

Published: October 25, 2016; 10:31:39 AM -0400
V3.0: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2016-5609

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Published: October 25, 2016; 10:31:22 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-3495

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

Published: October 25, 2016; 10:29:11 AM -0400
V3.0: 4.9 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2016-3492

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

Published: October 25, 2016; 10:29:10 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2015-3152

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.

Published: May 16, 2016; 6:59:01 AM -0400
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-0616

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

Published: January 20, 2016; 10:02:39 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2016-0610

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Published: January 20, 2016; 10:02:37 PM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-6559

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.

Published: October 15, 2014; 6:55:08 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-6507

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.

Published: October 15, 2014; 6:55:06 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM