Vulnerabilities (CVE)

Filtered by vendor Mariadb Subscribe
Total 402 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0371 3 Canonical, Mariadb, Oracle 3 Ubuntu Linux, Mariadb, Mysql 2024-11-21 4.0 MEDIUM N/A
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
CVE-2013-0368 3 Canonical, Mariadb, Oracle 3 Ubuntu Linux, Mariadb, Mysql 2024-11-21 4.0 MEDIUM N/A
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
CVE-2013-0367 3 Canonical, Mariadb, Oracle 3 Ubuntu Linux, Mariadb, Mysql 2024-11-21 4.0 MEDIUM N/A
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
CVE-2012-5627 2 Mariadb, Oracle 2 Mariadb, Mysql 2024-11-21 4.0 MEDIUM N/A
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
CVE-2012-5615 2 Mariadb, Oracle 2 Mariadb, Mysql 2024-11-21 5.0 MEDIUM N/A
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
CVE-2012-5614 3 Mariadb, Oracle, Redhat 7 Mariadb, Mysql, Enterprise Linux Desktop and 4 more 2024-11-21 4.0 MEDIUM N/A
Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.
CVE-2012-5613 3 Linux, Mariadb, Oracle 3 Linux Kernel, Mariadb, Mysql 2024-11-21 6.0 MEDIUM N/A
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
CVE-2012-5612 4 Canonical, Mariadb, Oracle and 1 more 6 Ubuntu Linux, Mariadb, Mysql and 3 more 2024-11-21 6.5 MEDIUM N/A
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
CVE-2012-5611 3 Linux, Mariadb, Oracle 3 Linux Kernel, Mariadb, Mysql 2024-11-21 6.5 MEDIUM N/A
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
CVE-2012-5096 3 Canonical, Mariadb, Oracle 3 Ubuntu Linux, Mariadb, Mysql 2024-11-21 3.5 LOW N/A
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
CVE-2012-5060 3 Canonical, Mariadb, Oracle 3 Ubuntu Linux, Mariadb, Mysql 2024-11-21 6.8 MEDIUM N/A
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
CVE-2012-4414 2 Mariadb, Oracle 2 Mariadb, Mysql 2024-11-21 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
CVE-2012-3197 5 Canonical, Debian, Mariadb and 2 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2024-11-21 3.5 LOW N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
CVE-2012-3180 5 Canonical, Debian, Mariadb and 2 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2024-11-21 4.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
CVE-2012-3177 5 Canonical, Debian, Mariadb and 2 more 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more 2024-11-21 6.8 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
CVE-2012-3173 5 Canonical, Debian, Mariadb and 2 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2024-11-21 4.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.
CVE-2012-3167 5 Canonical, Debian, Mariadb and 2 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2024-11-21 3.5 LOW N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.
CVE-2012-3166 5 Canonical, Debian, Mariadb and 2 more 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more 2024-11-21 4.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
CVE-2012-3163 6 Canonical, Debian, F5 and 3 more 21 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 18 more 2024-11-21 9.0 HIGH N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
CVE-2012-3160 5 Canonical, Debian, Mariadb and 2 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2024-11-21 2.1 LOW N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.