Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
1248 vulnerabilities found for MariaDB by MariaDB
CVE-2026-3494 (GCVE-0-2026-3494)
Vulnerability from nvd – Published: 2026-03-03 18:12 – Updated: 2026-03-03 22:56
VLAI?
Title
MariaDB Server Audit Plugin Comment Handling Bypass
Summary
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.
Severity ?
4.3 (Medium)
CWE
- CWE-778 - (Insufficient Logging)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MariaDB Foundation | MariaDB Server |
Unaffected:
10.6.25
Unaffected: 10.11.16 Unaffected: 11.4.10 Unaffected: 11.8.6 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3494",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T18:56:25.959459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T18:56:35.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MariaDB Server",
"vendor": "MariaDB Foundation",
"versions": [
{
"status": "unaffected",
"version": "10.6.25"
},
{
"status": "unaffected",
"version": "10.11.16"
},
{
"status": "unaffected",
"version": "11.4.10"
},
{
"status": "unaffected",
"version": "11.8.6"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aurora MySQL",
"vendor": "Amazon",
"versions": [
{
"status": "unaffected",
"version": "2.12.6"
},
{
"status": "unaffected",
"version": "3.04.6"
},
{
"status": "unaffected",
"version": "3.10.3"
},
{
"status": "unaffected",
"version": "3.11.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RDS for MySQL",
"vendor": "Amazon",
"versions": [
{
"status": "unaffected",
"version": "5.7.44-RDS.20260212"
},
{
"status": "unaffected",
"version": "8.0.45"
},
{
"status": "unaffected",
"version": "8.4.8"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RDS for MariaDB",
"vendor": "Amazon",
"versions": [
{
"status": "unaffected",
"version": "10.6.25"
},
{
"status": "unaffected",
"version": "10.11.16"
},
{
"status": "unaffected",
"version": "11.4.10"
},
{
"status": "unaffected",
"version": "11.8.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (\u2014) or hash (#) style comments, the statement is not logged.\u003c/p\u003e"
}
],
"value": "In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (\u2014) or hash (#) style comments, the statement is not logged."
}
],
"impacts": [
{
"capecId": "CAPEC-93",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-93 (Log Injection-Tampering-Forging)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-778",
"description": "CWE-778 (Insufficient Logging)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T22:56:22.439Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/2026-006-AWS/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MariaDB Server Audit Plugin Comment Handling Bypass",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2026-3494",
"datePublished": "2026-03-03T18:12:12.361Z",
"dateReserved": "2026-03-03T17:26:55.939Z",
"dateUpdated": "2026-03-03T22:56:22.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13699 (GCVE-0-2025-13699)
Vulnerability from nvd – Published: 2025-12-23 21:40 – Updated: 2025-12-24 16:10
VLAI?
Title
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability
Summary
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2025-11-27 15:53
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T16:10:37.452157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T16:10:43.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "MariaDB",
"vendor": "MariaDB",
"versions": [
{
"status": "affected",
"version": "11.8.3"
}
]
}
],
"dateAssigned": "2025-11-25T21:39:52.300Z",
"datePublic": "2025-11-27T15:53:22.915Z",
"descriptions": [
{
"lang": "en",
"value": "MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T21:40:56.956Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-1025",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1025/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://jira.mariadb.org/browse/MDEV-37483"
}
],
"source": {
"lang": "en",
"value": "Litezeraw"
},
"title": "MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-13699",
"datePublished": "2025-12-23T21:40:56.956Z",
"dateReserved": "2025-11-25T21:39:52.281Z",
"dateUpdated": "2025-12-24T16:10:43.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52970 (GCVE-0-2023-52970)
Vulnerability from nvd – Published: 2025-03-08 00:00 – Updated: 2025-11-03 19:28
VLAI?
Summary
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
Severity ?
4.9 (Medium)
CWE
- CWE-1038 - Insecure Automated Optimizations
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T14:51:41.279300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:30:48.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:28:54.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "MariaDB",
"vendor": "MariaDB",
"versions": [
{
"lessThan": "10.5.*",
"status": "affected",
"version": "10.4",
"versionType": "custom"
},
{
"lessThan": "10.6.*",
"status": "affected",
"version": "10.6",
"versionType": "custom"
},
{
"lessThan": "10.11.*",
"status": "affected",
"version": "10.7",
"versionType": "custom"
},
{
"lessThan": "11.0.*",
"status": "affected",
"version": "11.0",
"versionType": "custom"
},
{
"lessThan": "11.4.*",
"status": "affected",
"version": "11.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1038",
"description": "CWE-1038 Insecure Automated Optimizations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-09T21:51:34.624Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://jira.mariadb.org/browse/MDEV-32086"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52970",
"datePublished": "2025-03-08T00:00:00.000Z",
"dateReserved": "2025-03-08T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:28:54.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52968 (GCVE-0-2023-52968)
Vulnerability from nvd – Published: 2025-03-08 00:00 – Updated: 2025-03-10 15:59
VLAI?
Summary
MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash.
Severity ?
4.9 (Medium)
CWE
- CWE-696 - Incorrect Behavior Order
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T15:58:35.517548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T15:59:46.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "MariaDB",
"vendor": "MariaDB",
"versions": [
{
"lessThan": "10.4.33",
"status": "affected",
"version": "10.4",
"versionType": "custom"
},
{
"lessThan": "10.5.24",
"status": "affected",
"version": "10.5",
"versionType": "custom"
},
{
"lessThan": "10.6.17",
"status": "affected",
"version": "10.6",
"versionType": "custom"
},
{
"lessThan": "10.11.7",
"status": "affected",
"version": "10.7",
"versionType": "custom"
},
{
"lessThan": "11.0.5",
"status": "affected",
"version": "11.0",
"versionType": "custom"
},
{
"lessThan": "11.1.4",
"status": "affected",
"version": "11.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.4.33",
"versionStartIncluding": "10.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.5.24",
"versionStartIncluding": "10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.6.17",
"versionStartIncluding": "10.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.11.7",
"versionStartIncluding": "10.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.0.5",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.4",
"versionStartIncluding": "11.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-696",
"description": "CWE-696 Incorrect Behavior Order",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-08T22:45:30.565Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://jira.mariadb.org/browse/MDEV-32082"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52968",
"datePublished": "2025-03-08T00:00:00.000Z",
"dateReserved": "2025-03-08T00:00:00.000Z",
"dateUpdated": "2025-03-10T15:59:46.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52971 (GCVE-0-2023-52971)
Vulnerability from nvd – Published: 2025-03-08 00:00 – Updated: 2025-05-12 15:31
VLAI?
Summary
MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.
Severity ?
4.9 (Medium)
CWE
- CWE-1038 - Insecure Automated Optimizations
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T14:51:07.523280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:31:11.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "MariaDB",
"vendor": "MariaDB",
"versions": [
{
"lessThan": "10.11.*",
"status": "affected",
"version": "10.10",
"versionType": "custom"
},
{
"lessThan": "11.4.*",
"status": "affected",
"version": "11.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1038",
"description": "CWE-1038 Insecure Automated Optimizations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-08T22:54:37.997Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://jira.mariadb.org/browse/MDEV-32084"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52971",
"datePublished": "2025-03-08T00:00:00.000Z",
"dateReserved": "2025-03-08T00:00:00.000Z",
"dateUpdated": "2025-05-12T15:31:11.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52969 (GCVE-0-2023-52969)
Vulnerability from nvd – Published: 2025-03-08 00:00 – Updated: 2025-11-03 19:28
VLAI?
Summary
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
Severity ?
4.9 (Medium)
CWE
- CWE-1038 - Insecure Automated Optimizations
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T15:57:59.488189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T15:58:06.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:28:53.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "MariaDB",
"vendor": "MariaDB",
"versions": [
{
"lessThan": "10.5.*",
"status": "affected",
"version": "10.4",
"versionType": "custom"
},
{
"lessThan": "10.6.*",
"status": "affected",
"version": "10.6",
"versionType": "custom"
},
{
"lessThan": "10.11.*",
"status": "affected",
"version": "10.7",
"versionType": "custom"
},
{
"lessThan": "11.0.*",
"status": "affected",
"version": "11.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1038",
"description": "CWE-1038 Insecure Automated Optimizations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-08T22:52:43.409Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://jira.mariadb.org/browse/MDEV-32083"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52969",
"datePublished": "2025-03-08T00:00:00.000Z",
"dateReserved": "2025-03-08T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:28:53.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-26785 (GCVE-0-2023-26785)
Vulnerability from nvd – Published: 2024-10-17 00:00 – Updated: 2024-10-20 23:39 Disputed
VLAI?
Summary
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mariadb:mariadb:10.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mariadb",
"vendor": "mariadb",
"versions": [
{
"status": "affected",
"version": "10.5.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26785",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T19:01:17.009266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T19:03:21.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a \"create function\" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-20T23:39:53.553Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Ant1sec-ops/CVE-2023-26785"
},
{
"url": "https://seclists.org/fulldisclosure/2012/Dec/39"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26785",
"datePublished": "2024-10-17T00:00:00.000Z",
"dateReserved": "2023-02-27T00:00:00.000Z",
"dateUpdated": "2024-10-20T23:39:53.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39593 (GCVE-0-2023-39593)
Vulnerability from nvd – Published: 2024-10-17 00:00 – Updated: 2024-10-20 23:41 Disputed
VLAI?
Summary
Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
Severity ?
5.6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mariadb:mariadb:-:*:*:*:*:node.js:*:*"
],
"defaultStatus": "unknown",
"product": "mariadb",
"vendor": "mariadb",
"versions": [
{
"status": "affected",
"version": "10.5"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-39593",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T17:13:09.885638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T17:19:30.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-20T23:41:10.199Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Ant1sec-ops/CVE-2023-39593"
},
{
"url": "https://seclists.org/fulldisclosure/2012/Dec/39"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-39593",
"datePublished": "2024-10-17T00:00:00.000Z",
"dateReserved": "2023-08-07T00:00:00.000Z",
"dateUpdated": "2024-10-20T23:41:10.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-3494 (GCVE-0-2026-3494)
Vulnerability from cvelistv5 – Published: 2026-03-03 18:12 – Updated: 2026-03-03 22:56
VLAI?
Title
MariaDB Server Audit Plugin Comment Handling Bypass
Summary
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.
Severity ?
4.3 (Medium)
CWE
- CWE-778 - (Insufficient Logging)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MariaDB Foundation | MariaDB Server |
Unaffected:
10.6.25
Unaffected: 10.11.16 Unaffected: 11.4.10 Unaffected: 11.8.6 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3494",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T18:56:25.959459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T18:56:35.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MariaDB Server",
"vendor": "MariaDB Foundation",
"versions": [
{
"status": "unaffected",
"version": "10.6.25"
},
{
"status": "unaffected",
"version": "10.11.16"
},
{
"status": "unaffected",
"version": "11.4.10"
},
{
"status": "unaffected",
"version": "11.8.6"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aurora MySQL",
"vendor": "Amazon",
"versions": [
{
"status": "unaffected",
"version": "2.12.6"
},
{
"status": "unaffected",
"version": "3.04.6"
},
{
"status": "unaffected",
"version": "3.10.3"
},
{
"status": "unaffected",
"version": "3.11.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RDS for MySQL",
"vendor": "Amazon",
"versions": [
{
"status": "unaffected",
"version": "5.7.44-RDS.20260212"
},
{
"status": "unaffected",
"version": "8.0.45"
},
{
"status": "unaffected",
"version": "8.4.8"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RDS for MariaDB",
"vendor": "Amazon",
"versions": [
{
"status": "unaffected",
"version": "10.6.25"
},
{
"status": "unaffected",
"version": "10.11.16"
},
{
"status": "unaffected",
"version": "11.4.10"
},
{
"status": "unaffected",
"version": "11.8.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (\u2014) or hash (#) style comments, the statement is not logged.\u003c/p\u003e"
}
],
"value": "In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (\u2014) or hash (#) style comments, the statement is not logged."
}
],
"impacts": [
{
"capecId": "CAPEC-93",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-93 (Log Injection-Tampering-Forging)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-778",
"description": "CWE-778 (Insufficient Logging)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T22:56:22.439Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/2026-006-AWS/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MariaDB Server Audit Plugin Comment Handling Bypass",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2026-3494",
"datePublished": "2026-03-03T18:12:12.361Z",
"dateReserved": "2026-03-03T17:26:55.939Z",
"dateUpdated": "2026-03-03T22:56:22.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13699 (GCVE-0-2025-13699)
Vulnerability from cvelistv5 – Published: 2025-12-23 21:40 – Updated: 2025-12-24 16:10
VLAI?
Title
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability
Summary
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2025-11-27 15:53
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T16:10:37.452157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T16:10:43.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "MariaDB",
"vendor": "MariaDB",
"versions": [
{
"status": "affected",
"version": "11.8.3"
}
]
}
],
"dateAssigned": "2025-11-25T21:39:52.300Z",
"datePublic": "2025-11-27T15:53:22.915Z",
"descriptions": [
{
"lang": "en",
"value": "MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T21:40:56.956Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-1025",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1025/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://jira.mariadb.org/browse/MDEV-37483"
}
],
"source": {
"lang": "en",
"value": "Litezeraw"
},
"title": "MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-13699",
"datePublished": "2025-12-23T21:40:56.956Z",
"dateReserved": "2025-11-25T21:39:52.281Z",
"dateUpdated": "2025-12-24T16:10:43.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52970 (GCVE-0-2023-52970)
Vulnerability from cvelistv5 – Published: 2025-03-08 00:00 – Updated: 2025-11-03 19:28
VLAI?
Summary
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
Severity ?
4.9 (Medium)
CWE
- CWE-1038 - Insecure Automated Optimizations
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T14:51:41.279300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:30:48.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:28:54.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "MariaDB",
"vendor": "MariaDB",
"versions": [
{
"lessThan": "10.5.*",
"status": "affected",
"version": "10.4",
"versionType": "custom"
},
{
"lessThan": "10.6.*",
"status": "affected",
"version": "10.6",
"versionType": "custom"
},
{
"lessThan": "10.11.*",
"status": "affected",
"version": "10.7",
"versionType": "custom"
},
{
"lessThan": "11.0.*",
"status": "affected",
"version": "11.0",
"versionType": "custom"
},
{
"lessThan": "11.4.*",
"status": "affected",
"version": "11.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1038",
"description": "CWE-1038 Insecure Automated Optimizations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-09T21:51:34.624Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://jira.mariadb.org/browse/MDEV-32086"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52970",
"datePublished": "2025-03-08T00:00:00.000Z",
"dateReserved": "2025-03-08T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:28:54.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52968 (GCVE-0-2023-52968)
Vulnerability from cvelistv5 – Published: 2025-03-08 00:00 – Updated: 2025-03-10 15:59
VLAI?
Summary
MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash.
Severity ?
4.9 (Medium)
CWE
- CWE-696 - Incorrect Behavior Order
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T15:58:35.517548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T15:59:46.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "MariaDB",
"vendor": "MariaDB",
"versions": [
{
"lessThan": "10.4.33",
"status": "affected",
"version": "10.4",
"versionType": "custom"
},
{
"lessThan": "10.5.24",
"status": "affected",
"version": "10.5",
"versionType": "custom"
},
{
"lessThan": "10.6.17",
"status": "affected",
"version": "10.6",
"versionType": "custom"
},
{
"lessThan": "10.11.7",
"status": "affected",
"version": "10.7",
"versionType": "custom"
},
{
"lessThan": "11.0.5",
"status": "affected",
"version": "11.0",
"versionType": "custom"
},
{
"lessThan": "11.1.4",
"status": "affected",
"version": "11.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.4.33",
"versionStartIncluding": "10.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.5.24",
"versionStartIncluding": "10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.6.17",
"versionStartIncluding": "10.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.11.7",
"versionStartIncluding": "10.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.0.5",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.4",
"versionStartIncluding": "11.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-696",
"description": "CWE-696 Incorrect Behavior Order",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-08T22:45:30.565Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://jira.mariadb.org/browse/MDEV-32082"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52968",
"datePublished": "2025-03-08T00:00:00.000Z",
"dateReserved": "2025-03-08T00:00:00.000Z",
"dateUpdated": "2025-03-10T15:59:46.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52971 (GCVE-0-2023-52971)
Vulnerability from cvelistv5 – Published: 2025-03-08 00:00 – Updated: 2025-05-12 15:31
VLAI?
Summary
MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.
Severity ?
4.9 (Medium)
CWE
- CWE-1038 - Insecure Automated Optimizations
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T14:51:07.523280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:31:11.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "MariaDB",
"vendor": "MariaDB",
"versions": [
{
"lessThan": "10.11.*",
"status": "affected",
"version": "10.10",
"versionType": "custom"
},
{
"lessThan": "11.4.*",
"status": "affected",
"version": "11.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1038",
"description": "CWE-1038 Insecure Automated Optimizations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-08T22:54:37.997Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://jira.mariadb.org/browse/MDEV-32084"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52971",
"datePublished": "2025-03-08T00:00:00.000Z",
"dateReserved": "2025-03-08T00:00:00.000Z",
"dateUpdated": "2025-05-12T15:31:11.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52969 (GCVE-0-2023-52969)
Vulnerability from cvelistv5 – Published: 2025-03-08 00:00 – Updated: 2025-11-03 19:28
VLAI?
Summary
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
Severity ?
4.9 (Medium)
CWE
- CWE-1038 - Insecure Automated Optimizations
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T15:57:59.488189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T15:58:06.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:28:53.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "MariaDB",
"vendor": "MariaDB",
"versions": [
{
"lessThan": "10.5.*",
"status": "affected",
"version": "10.4",
"versionType": "custom"
},
{
"lessThan": "10.6.*",
"status": "affected",
"version": "10.6",
"versionType": "custom"
},
{
"lessThan": "10.11.*",
"status": "affected",
"version": "10.7",
"versionType": "custom"
},
{
"lessThan": "11.0.*",
"status": "affected",
"version": "11.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1038",
"description": "CWE-1038 Insecure Automated Optimizations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-08T22:52:43.409Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://jira.mariadb.org/browse/MDEV-32083"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52969",
"datePublished": "2025-03-08T00:00:00.000Z",
"dateReserved": "2025-03-08T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:28:53.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-26785 (GCVE-0-2023-26785)
Vulnerability from cvelistv5 – Published: 2024-10-17 00:00 – Updated: 2024-10-20 23:39 Disputed
VLAI?
Summary
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mariadb:mariadb:10.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mariadb",
"vendor": "mariadb",
"versions": [
{
"status": "affected",
"version": "10.5.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26785",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T19:01:17.009266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T19:03:21.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a \"create function\" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-20T23:39:53.553Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Ant1sec-ops/CVE-2023-26785"
},
{
"url": "https://seclists.org/fulldisclosure/2012/Dec/39"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26785",
"datePublished": "2024-10-17T00:00:00.000Z",
"dateReserved": "2023-02-27T00:00:00.000Z",
"dateUpdated": "2024-10-20T23:39:53.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39593 (GCVE-0-2023-39593)
Vulnerability from cvelistv5 – Published: 2024-10-17 00:00 – Updated: 2024-10-20 23:41 Disputed
VLAI?
Summary
Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
Severity ?
5.6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mariadb:mariadb:-:*:*:*:*:node.js:*:*"
],
"defaultStatus": "unknown",
"product": "mariadb",
"vendor": "mariadb",
"versions": [
{
"status": "affected",
"version": "10.5"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-39593",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T17:13:09.885638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T17:19:30.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-20T23:41:10.199Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Ant1sec-ops/CVE-2023-39593"
},
{
"url": "https://seclists.org/fulldisclosure/2012/Dec/39"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-39593",
"datePublished": "2024-10-17T00:00:00.000Z",
"dateReserved": "2023-08-07T00:00:00.000Z",
"dateUpdated": "2024-10-20T23:41:10.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27766 (GCVE-0-2024-27766)
Vulnerability from cvelistv5 – Published: 2024-10-17 00:00 – Updated: 2024-10-20 23:34 Disputed
VLAI?
Summary
An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
Severity ?
5.7 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mariadb:mariadb:-:*:*:*:*:node.js:*:*"
],
"defaultStatus": "unknown",
"product": "mariadb",
"vendor": "mariadb",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27766",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T17:02:26.922682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T17:10:51.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-20T23:34:58.910Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Ant1sec-ops/CVE-2024-27766"
},
{
"url": "https://seclists.org/fulldisclosure/2012/Dec/39"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-27766",
"datePublished": "2024-10-17T00:00:00.000Z",
"dateReserved": "2024-02-26T00:00:00.000Z",
"dateUpdated": "2024-10-20T23:34:58.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2026-AVI-0088
Vulnerability from certfr_avis - Published: 2026-01-27 - Updated: 2026-01-27
Une vulnérabilité a été découverte dans MariaDB. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MariaDB versions 11.4.x ant\u00e9rieures \u00e0 11.4.10",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions 10.11.x ant\u00e9rieures \u00e0 10.11.16",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions 11.8.x ant\u00e9rieures \u00e0 11.8.6",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions 12.2.x ant\u00e9rieures \u00e0 12.2.2",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21968"
}
],
"initial_release_date": "2026-01-27T00:00:00",
"last_revision_date": "2026-01-27T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0088",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans MariaDB. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans MariaDB",
"vendor_advisories": [
{
"published_at": "2026-01-26",
"title": "Bulletin de s\u00e9curit\u00e9 MariaDB security",
"url": "https://mariadb.com/docs/server/security/securing-mariadb/security"
}
]
}
CERTFR-2026-AVI-0028
Vulnerability from certfr_avis - Published: 2026-01-13 - Updated: 2026-01-13
De multiples vulnérabilités ont été découvertes dans MariaDB. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| MariaDB | MariaDB | MariaDB versions 10.11.x antérieures à 10.11.15 | ||
| MariaDB | MariaDB | MariaDB versions 11.8.x antérieures à 11.8.4 | ||
| MariaDB | MariaDB | MariaDB versions 10.6.x antérieures à 10.6.24 | ||
| MariaDB | MariaDB | MariaDB versions 11.7.x antérieures à 11.7.2 | ||
| MariaDB | MariaDB | MariaDB versions 11.4.x antérieures à 11.4.9 | ||
| MariaDB | MariaDB | MariaDB versions 10.5.x antérieures à 10.5.29 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MariaDB versions 10.11.x ant\u00e9rieures \u00e0 10.11.15",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions 11.8.x ant\u00e9rieures \u00e0 11.8.4",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions 10.6.x ant\u00e9rieures \u00e0 10.6.24",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions 11.7.x ant\u00e9rieures \u00e0 11.7.2",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions 11.4.x ant\u00e9rieures \u00e0 11.4.9",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions 10.5.x ant\u00e9rieures \u00e0 10.5.29",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-13699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13699"
},
{
"name": "CVE-2025-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21490"
},
{
"name": "CVE-2025-30722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
}
],
"initial_release_date": "2026-01-13T00:00:00",
"last_revision_date": "2026-01-13T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0028",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans MariaDB. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans MariaDB",
"vendor_advisories": [
{
"published_at": "2026-01-12",
"title": "Bulletin de s\u00e9curit\u00e9 MariaDB",
"url": "https://mariadb.com/docs/server/security/securing-mariadb/security"
}
]
}
CERTFR-2026-AVI-0004
Vulnerability from certfr_avis - Published: 2026-01-05 - Updated: 2026-01-05
Une vulnérabilité a été découverte dans MariaDB. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MariaDB versions 10.11.x ant\u00e9rieures \u00e0 10.11.15",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions 11.8.x ant\u00e9rieures \u00e0 11.8.4",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions 10.6.x ant\u00e9rieures \u00e0 10.6.24",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions 11.4.x ant\u00e9rieures \u00e0 11.4.9",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-13699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13699"
}
],
"initial_release_date": "2026-01-05T00:00:00",
"last_revision_date": "2026-01-05T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0004",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans MariaDB. Elle permet \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Vuln\u00e9rabilit\u00e9 dans MariaDB",
"vendor_advisories": [
{
"published_at": "2026-01-05",
"title": "Bulletin de s\u00e9curit\u00e9 MariaDB",
"url": "https://mariadb.com/docs/server/security/securing-mariadb/security"
}
]
}
CERTFR-2025-AVI-0956
Vulnerability from certfr_avis - Published: 2025-11-03 - Updated: 2025-11-03
De multiples vulnérabilités ont été découvertes dans MariaDB. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| MariaDB | MariaDB | MariaDB versions antérieures à 11.2.4 | ||
| MariaDB | MariaDB | MariaDB versions antérieures à 11.7.2 | ||
| MariaDB | MariaDB | MariaDB versions antérieures à 10.5.29 | ||
| MariaDB | MariaDB | MariaDB versions antérieures à 11.4.6 | ||
| MariaDB | MariaDB | MariaDB versions antérieures à 11.1.5 | ||
| MariaDB | MariaDB | MariaDB versions antérieures à 10.11.8 | ||
| MariaDB | MariaDB | MariaDB versions antérieures à 11.0.6 | ||
| MariaDB | MariaDB | MariaDB versions antérieures à 10.6.22 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MariaDB versions ant\u00e9rieures \u00e0 11.2.4",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions ant\u00e9rieures \u00e0 11.7.2",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions ant\u00e9rieures \u00e0 10.5.29",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions ant\u00e9rieures \u00e0 11.4.6",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions ant\u00e9rieures \u00e0 11.1.5",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions ant\u00e9rieures \u00e0 10.11.8",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions ant\u00e9rieures \u00e0 11.0.6",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions ant\u00e9rieures \u00e0 10.6.22",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-21096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21096"
},
{
"name": "CVE-2025-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21490"
},
{
"name": "CVE-2025-30722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
}
],
"initial_release_date": "2025-11-03T00:00:00",
"last_revision_date": "2025-11-03T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0956",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans MariaDB. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans MariaDB",
"vendor_advisories": [
{
"published_at": "2025-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 MariaDB",
"url": "https://mariadb.com/docs/server/security/securing-mariadb/security"
}
]
}
CERTFR-2025-AVI-0373
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans MariaDB. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MariaDB versions 10.11.x ant\u00e9rieures \u00e0 10.11.12",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions ant\u00e9rieures \u00e0 10.5.29",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions 10.6.x ant\u00e9rieures \u00e0 10.6.22",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
},
{
"description": "MariaDB versions 11.4.x ant\u00e9rieures \u00e0 11.4.6",
"product": {
"name": "MariaDB",
"vendor": {
"name": "MariaDB",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-30722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0373",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans MariaDB. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans MariaDB",
"vendor_advisories": [
{
"published_at": "2025-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 MariaDB",
"url": "https://mariadb.com/kb/en/security/"
}
]
}
FKIE_CVE-2023-26785
Vulnerability from fkie_nvd - Published: 2024-10-17 22:15 - Updated: 2025-07-10 19:06
Severity ?
Summary
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Ant1sec-ops/CVE-2023-26785 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2012/Dec/39 | Mailing List |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mariadb:mariadb:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96582573-FE2D-4570-8CF8-274BA1BD74B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a \"create function\" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que MariaDB v10.5 conten\u00eda una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE)."
}
],
"id": "CVE-2023-26785",
"lastModified": "2025-07-10T19:06:29.667",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-17T22:15:02.743",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Ant1sec-ops/CVE-2023-26785"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://seclists.org/fulldisclosure/2012/Dec/39"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-39593
Vulnerability from fkie_nvd - Published: 2024-10-17 22:15 - Updated: 2025-07-10 19:09
Severity ?
Summary
Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Ant1sec-ops/CVE-2023-39593 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2012/Dec/39 | Mailing List |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mariadb:mariadb:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96582573-FE2D-4570-8CF8-274BA1BD74B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed."
},
{
"lang": "es",
"value": "Los permisos inseguros en la funci\u00f3n sys_exec de Oracle MYSQL MariaDB v10.5 permiten a atacantes autenticados ejecutar comandos arbitrarios con privilegios elevados."
}
],
"id": "CVE-2023-39593",
"lastModified": "2025-07-10T19:09:33.110",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 4.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-17T22:15:02.847",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Ant1sec-ops/CVE-2023-39593"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://seclists.org/fulldisclosure/2012/Dec/39"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-27766
Vulnerability from fkie_nvd - Published: 2024-10-17 22:15 - Updated: 2025-07-10 19:12
Severity ?
Summary
An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Ant1sec-ops/CVE-2024-27766 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/fulldisclosure/2012/Dec/39 | Mailing List |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mariadb:mariadb:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E262A3C1-1F21-441D-A120-D9D973C8C3E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed."
},
{
"lang": "es",
"value": "Un problema en MYSQL MariaDB v.11.1 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n lib_mysqludf_sys.so."
}
],
"id": "CVE-2024-27766",
"lastModified": "2025-07-10T19:12:35.303",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 4.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-17T22:15:02.920",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Ant1sec-ops/CVE-2024-27766"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://seclists.org/fulldisclosure/2012/Dec/39"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}