Home/Product/mariadb
Product

mariadb

408 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-32710
>= 11.4.1 and < 11.4.10
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10
8.5HIGH
 CVE-2026-3494
<= 10.6.24
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QU
4.3MEDIUM
 CVE-2025-56404
all versions
An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE servi
7.5HIGH
 CVE-2024-27766
all versions
An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is
5.7MEDIUM
 CVE-2023-39593
all versions
Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with e
5.6MEDIUM
 CVE-2023-26785
all versions
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed
9.8CRITICAL
 CVE-2023-22084
>= 10.4.0 and < 10.4.32
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 an
4.9MEDIUM
 CVE-2023-5157
< 10.3.36
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a deni
7.5HIGH
 CVE-2023-40354
< 2.5.28
An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" comm
6.5MEDIUM
 CVE-2022-47015
>= 10.3.0 and < 10.3.39
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_w
6.5MEDIUM
 CVE-2022-21595
>= 10.2.0 and < 10.2.42
Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and
4.4MEDIUM
 CVE-2022-38791
>= 10.3.0 and < 10.3.36
In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failu
5.5MEDIUM
 CVE-2022-32091
>= 10.3.0 and < 10.3.36
MariaDB v10.7 was discovered to contain an use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer
7.5HIGH
 CVE-2022-32089
>= 10.4.0 and < 10.4.26
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
7.5HIGH
 CVE-2022-32088
>= 10.2.0 and < 10.2.44
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_trac
7.5HIGH
 CVE-2022-32087
>= 10.3.0 and < 10.3.35
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
7.5HIGH
 CVE-2022-32086
>= 10.4.0 and < 10.4.25
MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
7.5HIGH
 CVE-2022-32085
>= 10.2.0 and < 10.2.44
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_proces
7.5HIGH
 CVE-2022-32084
>= 10.3.0 and < 10.3.36
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
7.5HIGH
 CVE-2022-32083
>= 10.2.0 and < 10.2.44
MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.
7.5HIGH
 CVE-2022-32082
>= 10.5.0 and < 10.5.17
MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table-get_ref_count() == 0 in dict0dict.cc.
7.5HIGH
 CVE-2022-32081
>= 10.4.0 and < 10.4.26
MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/h
7.5HIGH
 CVE-2022-31624
< 10.2.41
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_s
5.5MEDIUM
 CVE-2022-31623
< 10.2.42
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., go
5.5MEDIUM
 CVE-2022-31622
< 10.2.42
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_
5.5MEDIUM
 CVE-2022-31621
< 10.2.41
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_c
5.5MEDIUM
 CVE-2022-21451
>= 10.2.0 and < 10.2.38
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and
4.4MEDIUM
 CVE-2022-21427
>= 10.2.0 and < 10.2.44
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.3
4.9MEDIUM
 CVE-2022-27457
>= 10.4.0 and < 10.4.25
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-la
7.5HIGH
 CVE-2022-27456
>= 10.3.0 and < 10.3.35
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
7.5HIGH
 CVE-2022-27455
>= 10.4.0 and < 10.4.25
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/cty
7.5HIGH
 CVE-2022-27452
>= 10.3.0 and < 10.3.35
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
7.5HIGH
 CVE-2022-27451
>= 10.4.0 and < 10.4.25
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.
7.5HIGH
 CVE-2022-27449
< 10.3.35
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
7.5HIGH
 CVE-2022-27448
>= 10.3.0 and < 10.3.35
There is an Assertion failure in MariaDB Server v10.9 and below via 'node-pcur-rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
7.5HIGH
 CVE-2022-27447
>= 10.3.0 and < 10.3.35
MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/s
7.5HIGH
 CVE-2022-27446
>= 10.4.0 and < 10.4.25
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.
7.5HIGH
 CVE-2022-27445
>= 10.2.0 and < 10.2.44
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
7.5HIGH
 CVE-2022-27444
>= 10.4.0 and < 10.4.25
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.
7.5HIGH
 CVE-2022-27387
>= 10.2.0 and < 10.2.44
MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is expl
7.5HIGH
 CVE-2022-27386
>= 10.2.0 and < 10.2.44
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.
7.5HIGH
 CVE-2022-27385
< 10.3.32
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was disc
7.5HIGH
 CVE-2022-27384
>= 10.2.0 and < 10.2.44
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attack
7.5HIGH
 CVE-2022-27383
>= 10.2.0 and < 10.2.44
MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited
7.5HIGH
 CVE-2022-27382
>= 10.4.0 and < 10.4.25
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_dep
7.5HIGH
 CVE-2022-27381
>= 10.2.0 and < 10.2.44
An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial
7.5HIGH
 CVE-2022-27380
>= 10.2.0 and < 10.2.44
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a D
7.5HIGH
 CVE-2022-27379
>= 10.3.0 and < 10.3.35
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers
7.5HIGH
 CVE-2022-27378
>= 10.2.0 and < 10.2.44
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause
7.5HIGH
 CVE-2022-27377
>= 10.2.0 and < 10.2.44
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is ex
7.5HIGH
 CVE-2022-27376
>= 10.3.0 and < 10.3.35
MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploi
7.5HIGH
 CVE-2018-25032
>= 10.3.0 and < 10.3.36
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
7.5HIGH
 CVE-2022-0778
>= 10.2.0 and < 10.2.42
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime m
7.5HIGH
 CVE-2022-24052
>= 10.2.0 and < 10.2.42
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local atta
7.8HIGH
 CVE-2022-24051
>= 10.2.0 and < 10.2.42
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to esca
7.8HIGH
 CVE-2022-24050
>= 10.2.0 and < 10.2.42
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to esc
7.8HIGH
 CVE-2022-24048
>= 10.2.0 and < 10.2.42
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local att
7.8HIGH
 CVE-2021-46669
< 10.2.44
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
7.5HIGH
 CVE-2021-46668
>= 10.2.0 and < 10.2.43
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with stora
5.5MEDIUM
 CVE-2021-46667
< 10.2.41
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
5.5MEDIUM
 CVE-2021-46666
< 10.2.39
MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.
5.5MEDIUM
 CVE-2021-46665
>= 10.2.0 and < 10.2.43
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
5.5MEDIUM
 CVE-2021-46664
>= 10.2.0 and < 10.2.43
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
5.5MEDIUM
 CVE-2021-46663
>= 10.2.41 and < 10.2.43
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
5.5MEDIUM
 CVE-2021-46662
>= 10.3.0 and < 10.3.32
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested
5.5MEDIUM
 CVE-2021-46661
>= 10.2.0 and < 10.2.43
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expre
5.5MEDIUM
 CVE-2021-46659
>= 5.5.0 and < 10.2.42
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
5.5MEDIUM
 CVE-2021-46658
>= 10.2.0 and < 10.2.40
save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func
5.5MEDIUM
 CVE-2021-46657
>= 5.5.20 and <= 5.5.68
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
5.5MEDIUM
 CVE-2021-35604
>= 10.2.0 and < 10.2.41
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and
5.5MEDIUM
 CVE-2021-2389
>= 10.2.0 and < 10.2.40
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and
5.9MEDIUM
 CVE-2021-2372
> 10.2.0 and < 10.2.40
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and
4.4MEDIUM
 CVE-2020-15180
>= 10.1.0 and < 10.1.47
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in wsrep_sst_method allows for command inje
9.0CRITICAL
 CVE-2021-2194
>= 10.2.0 and < 10.2.35
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and
4.9MEDIUM
 CVE-2021-2180
>= 10.2.0 and < 10.2.38
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and
4.9MEDIUM
 CVE-2021-2174
>= 10.2.0 and < 10.2.18
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and
4.4MEDIUM
 CVE-2021-2166
>= 10.2.0 and < 10.2.38
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.3
4.9MEDIUM
 CVE-2021-2154
>= 10.2.0 and < 10.2.38
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.3
4.9MEDIUM
 CVE-2021-2144
>= 5.5.0 and < 5.5.66
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.
7.2HIGH
 CVE-2021-27928
>= 10.2 and < 10.2.37
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 be
7.2HIGH
 CVE-2021-2032
>= 10.0.0 and < 10.0.11
Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected ar
4.3MEDIUM
 CVE-2021-2022
>= 10.1.0 and < 10.1.46
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and
4.4MEDIUM
 CVE-2021-2011
>= 5.5.0 and < 5.5.61
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and
5.9MEDIUM
 CVE-2021-2007
>= 5.5.0 and < 5.5.65
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and
3.7LOW
 CVE-2020-28912
< 10.1.48
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user
7.0HIGH
 CVE-2020-14812
>= 10.1.0 and < 10.1.48
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5
4.9MEDIUM
 CVE-2020-14789
>= 10.2.0 and < 10.2.35
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.3
4.9MEDIUM
 CVE-2020-14776
>= 10.2.0 and < 10.2.35
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and
4.9MEDIUM
 CVE-2020-14765
>= 10.1.0 and < 10.1.48
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.4
6.5MEDIUM
 CVE-2020-14550
>= 5.5.0 and < 5.5.61
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and
5.3MEDIUM
 CVE-2020-13249
< 3.1.8
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from
8.8HIGH
 CVE-2020-2922
>= 5.5.0 and < 5.5.65
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and
3.7LOW
 CVE-2020-2814
>= 10.1.0 and < 10.1.45
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and
4.9MEDIUM
 CVE-2020-2812
>= 5.5.0 and < 5.5.68
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affec
4.9MEDIUM
 CVE-2020-2780
>= 5.5.0 and < 5.5.66
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.4
6.5MEDIUM
 CVE-2020-2760
>= 10.2.0 and < 10.2.32
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and
5.5MEDIUM
 CVE-2020-2752
>= 5.5.0 and < 5.5.68
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and
5.3MEDIUM
 CVE-2020-7221
>= 10.4.7 and <= 10.4.11
mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown a
7.8HIGH
 CVE-2020-2574
>= 5.5.0 and < 5.5.67
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and
5.9MEDIUM
 CVE-2015-2326
>= 10.0.0 and < 10.0.18
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of
5.5MEDIUM
 CVE-2015-2325
< 10.0.18
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of se
7.8HIGH
 CVE-2019-2974
>= 5.5.0 and < 5.5.66
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are
6.5MEDIUM
 CVE-2019-2938
>= 10.2.0 and < 10.2.28
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and
4.4MEDIUM
 CVE-2019-2805
>= 5.5.0 and < 5.5.65
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected a
6.5MEDIUM
 CVE-2019-2758
>= 10.2.0 and < 10.2.26
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
5.5MEDIUM
 CVE-2019-2740
>= 5.5.0 and < 5.5.65
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are
6.5MEDIUM
 CVE-2019-2739
>= 5.5.0 and < 5.5.65
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that
5.1MEDIUM
 CVE-2019-2737
>= 5.5.0 and < 5.5.65
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are a
4.9MEDIUM
 CVE-2019-2628
>= 10.2.0 and < 10.2.24
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
4.9MEDIUM
 CVE-2019-2627
>= 5.5.0 and < 5.5.64
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that
4.9MEDIUM
 CVE-2019-2614
>= 5.5.0 and < 5.5.64
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
4.4MEDIUM
 CVE-2019-2537
>= 10.0.0 and < 10.0.38
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
4.9MEDIUM
 CVE-2019-2529
>= 5.5.0 and < 5.5.63
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2019-2510
>= 10.2.0 and < 10.2.22
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
4.9MEDIUM
 CVE-2019-2503
>= 5.5.0 and < 5.5.62
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that a
6.4MEDIUM
 CVE-2019-2481
>= 5.5.0 and < 5.5.37
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2019-2455
>= 5.5.0 and < 5.5.60
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected a
6.5MEDIUM
 CVE-2018-3284
>= 10.2.0 and < 10.2.19
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
4.4MEDIUM
 CVE-2018-3282
>= 5.5.0 and < 5.5.62
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are a
4.9MEDIUM
 CVE-2018-3277
>= 10.2.0 and < 10.2.19
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
4.9MEDIUM
 CVE-2018-3251
>= 10.0.0 and < 10.0.37
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.4
6.5MEDIUM
 CVE-2018-3200
>= 10.2.0 and < 10.2.19
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
4.9MEDIUM
 CVE-2018-3185
>= 10.2.0 and < 10.2.19
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
5.5MEDIUM
 CVE-2018-3174
>= 5.5.0 and < 5.5.62
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected
5.3MEDIUM
 CVE-2018-3173
>= 10.2.0 and < 10.2.19
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
4.9MEDIUM
 CVE-2018-3162
>= 10.2.0 and < 10.2.19
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
4.9MEDIUM
 CVE-2018-3156
>= 10.0.0 and < 10.0.37
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.4
6.5MEDIUM
 CVE-2018-3143
>= 10.0.0 and < 10.0.37
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.4
6.5MEDIUM
 CVE-2018-3133
>= 5.5.0 and < 5.5.59
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected a
6.5MEDIUM
 CVE-2018-3081
>= 5.5.0 and < 5.5.61
Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected
5.0MEDIUM
 CVE-2018-3066
>= 5.5.0 and < 5.5.61
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected
3.3LOW
 CVE-2018-3064
>= 10.0.0 and < 10.0.36
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.4
7.1HIGH
 CVE-2018-3063
>= 5.5.0 and < 5.5.61
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that
4.9MEDIUM
 CVE-2018-3060
>= 10.2.0 and < 10.2.17
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
6.5MEDIUM
 CVE-2018-3058
>= 5.5.0 and < 5.5.61
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.6
4.3MEDIUM
 CVE-2018-2767
>= 5.5.0 and < 5.5.60
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that
3.1LOW
 CVE-2017-16046
all versions
mariadb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
7.5HIGH
 CVE-2018-2819
>= 5.5.0 and < 5.5.60
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.5
6.5MEDIUM
 CVE-2018-2817
>= 5.5.0 and < 5.5.60
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
6.5MEDIUM
 CVE-2018-2813
>= 5.5.0 and < 5.5.60
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
4.3MEDIUM
 CVE-2018-2810
>= 10.2.0 and < 10.2.15
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
4.9MEDIUM
 CVE-2018-2787
>= 10.0.0 and < 10.0.35
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.3
5.5MEDIUM
 CVE-2018-2786
>= 10.2.0 and < 10.2.15
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
5.5MEDIUM
 CVE-2018-2784
>= 10.0.0 and < 10.0.35
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.3
6.5MEDIUM
 CVE-2018-2782
>= 10.0.0 and < 10.0.35
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.3
6.5MEDIUM
 CVE-2018-2781
>= 5.5.0 and < 5.5.60
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
4.9MEDIUM
 CVE-2018-2777
>= 10.2.0 and < 10.2.15
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
4.9MEDIUM
 CVE-2018-2771
>= 5.5.0 and < 5.5.60
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected
4.4MEDIUM
 CVE-2018-2766
>= 10.0.0 and < 10.0.35
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.3
4.9MEDIUM
 CVE-2018-2761
>= 5.5.0 and < 5.5.60
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected
5.9MEDIUM
 CVE-2018-2759
>= 10.2.0 and < 10.2.15
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2
4.9MEDIUM
 CVE-2018-2755
>= 5.5.0 and < 5.5.60
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
7.7HIGH
 CVE-2017-15365
< 10.1.30
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and
8.8HIGH
 CVE-2018-2668
>= 5.5.0 and < 5.5.59
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2018-2665
>= 5.5.0 and < 5.5.59
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2018-2640
>= 5.5.0 and < 5.5.59
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2018-2622
>= 5.5.0 and < 5.5.59
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
6.5MEDIUM
 CVE-2018-2612
>= 10.0.0 and < 10.0.34
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.3
6.5MEDIUM
 CVE-2018-2562
>= 5.5.0 and < 5.5.59
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affect
7.1HIGH
 CVE-2017-15945
< 10.0.30
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/maria
7.8HIGH
 CVE-2017-10384
>= 5.5.0 and < 5.5.57
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
6.5MEDIUM
 CVE-2017-10379
>= 5.5.0 and < 5.5.57
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected
6.5MEDIUM
 CVE-2017-10378
>= 5.5.0 and < 5.5.58
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2017-10365
>= 10.2.0 and < 10.2.8
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected a
3.8LOW
 CVE-2017-10320
>= 10.2.0 and < 10.2.8
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected a
4.9MEDIUM
 CVE-2017-10286
>= 10.0.0 and < 10.0.32
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected a
4.4MEDIUM
 CVE-2017-10268
>= 5.5.0 and < 5.5.58
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affec
4.1MEDIUM
 CVE-2017-3653
>= 5.5.0 and < 5.5.57
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
3.1LOW
 CVE-2017-3651
>= 5.5.0 and < 5.5.53
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected
4.3MEDIUM
 CVE-2017-3641
>= 5.5.0 and < 5.5.57
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are
4.9MEDIUM
 CVE-2017-3636
>= 5.5.0 and < 5.5.57
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected
5.3MEDIUM
 CVE-2016-9843
>= 5.5.0 and < 5.5.62
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors inv
9.8CRITICAL
 CVE-2017-3600
>= 5.5.0 and < 5.5.53
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected
6.6MEDIUM
 CVE-2017-3464
>= 5.5.0 and < 5.5.55
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
4.3MEDIUM
 CVE-2017-3456
>= 5.5.0 and < 5.5.55
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are
4.9MEDIUM
 CVE-2017-3453
>= 5.5.0 and < 5.5.55
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2017-3309
>= 5.5.0 and < 5.5.55
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
7.7HIGH
 CVE-2017-3308
>= 5.5.0 and < 5.5.55
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are
7.7HIGH
 CVE-2017-3302
<= 5.5.54
Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29
7.5HIGH
 CVE-2017-3318
>= 5.5.0 and < 5.5.54
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are af
4.0MEDIUM
 CVE-2017-3317
>= 5.5.0 and < 5.5.54
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.
4.0MEDIUM
 CVE-2017-3313
>= 5.5.0 and < 5.5.55
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected a
4.7MEDIUM
 CVE-2017-3312
>= 5.5.0 and < 5.5.54
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affecte
6.7MEDIUM
 CVE-2017-3291
>= 5.5.0 and < 5.5.54
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affecte
6.3MEDIUM
 CVE-2017-3265
>= 5.5.0 and < 5.5.54
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affecte
5.6MEDIUM
 CVE-2017-3258
>= 5.5.0 and < 5.5.54
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are
6.5MEDIUM
 CVE-2017-3257
>= 10.0.0 and < 10.0.29
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected a
6.5MEDIUM
 CVE-2017-3244
>= 5.5.0 and < 5.5.54
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are
6.5MEDIUM
 CVE-2017-3243
>= 5.5.0 and < 5.5.54
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected
4.4MEDIUM
 CVE-2017-3238
>= 5.5.0 and < 5.5.54
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affecte
6.5MEDIUM
 CVE-2016-6664
>= 5.5.0 and < 5.5.54
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-
7.0HIGH
 CVE-2016-6663
>= 5.5.20 and < 5.5.52
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.5
7.0HIGH
 CVE-2016-7440
>= 5.5.0 and < 5.5.53
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for loca
5.5MEDIUM
 CVE-2016-8283
>= 5.5.20 and < 5.5.52
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticat
4.3MEDIUM
 CVE-2016-5630
>= 10.0.0 and < 10.0.27
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availab
4.9MEDIUM
 CVE-2016-5629
>= 5.5.0 and < 5.5.52
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrat
4.9MEDIUM
 CVE-2016-5626
>= 5.5.0 and < 5.5.52
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticat
6.5MEDIUM
 CVE-2016-5624
>= 5.5.0 and < 5.5.52
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors
6.5MEDIUM
 CVE-2016-5612
>= 5.5.0 and < 5.5.51
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticat
6.5MEDIUM
 CVE-2016-5584
>= 5.5.0 and < 5.5.53
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrat
4.4MEDIUM
 CVE-2016-3492
>= 5.5.0 and < 5.5.52
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticat
6.5MEDIUM
 CVE-2016-6662
>= 5.5.20 and < 5.5.51
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.
9.8CRITICAL
 CVE-2016-5444
>= 5.5.20 and < 5.5.49
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49
3.7LOW
 CVE-2016-5440
>= 5.5.20 and < 5.5.50
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50
4.9MEDIUM
 CVE-2016-3615
>= 5.5.20 and < 5.5.50
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50
5.3MEDIUM
 CVE-2016-3521
>= 5.5.20 and < 5.5.50
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50
6.5MEDIUM
 CVE-2016-3477
>= 5.5.20 and < 5.5.50
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50
8.1HIGH
 CVE-2016-3471
>= 5.5.0 and < 5.5.46
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality,
7.5HIGH
 CVE-2016-3459
>= 10.0.0 and < 10.0.25
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x b
4.9MEDIUM
 CVE-2016-3452
>= 5.5.20 and < 5.5.49
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49
3.7LOW
 CVE-2015-3152
>= 5.5.0 and < 5.5.44
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl opt
5.9MEDIUM
 CVE-2016-0668
>= 10.0.0 and < 10.0.24
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x b
4.1MEDIUM
 CVE-2016-0666
>= 5.5.20 and < 5.5.49
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49
5.5MEDIUM
 CVE-2016-0655
>= 10.0.0 and < 10.0.25
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x b
4.7MEDIUM
 CVE-2016-0651
>= 5.5.0 and < 5.5.47
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Opti
5.5MEDIUM
 CVE-2016-0650
>= 5.5.20 and < 5.5.48
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48
5.5MEDIUM
 CVE-2016-0649
>= 5.5.20 and < 5.5.48
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48
5.5MEDIUM
 CVE-2016-0648
>= 5.5.20 and < 5.5.49
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49
5.5MEDIUM
 CVE-2016-0647
>= 5.5.20 and < 5.5.49
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49
5.5MEDIUM
 CVE-2016-0646
>= 5.5.20 and < 5.5.48
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48
5.5MEDIUM
 CVE-2016-0644
>= 5.5.20 and < 5.5.48
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48
5.5MEDIUM
 CVE-2016-0643
>= 5.5.20 and < 5.5.49
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49
3.3LOW
 CVE-2016-0642
>= 5.5.0 and < 5.5.47
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to aff
4.7MEDIUM
 CVE-2016-0641
>= 5.5.20 and <= 5.5.47
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48
5.1MEDIUM
 CVE-2016-0640
>= 5.5.20 and < 5.5.48
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48
6.1MEDIUM
 CVE-2016-2047
>= 5.5.20 and < 5.5.47
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1
5.9MEDIUM
 CVE-2015-7744
>= 5.5.0 and < 5.5.46
wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process
5.9MEDIUM
 CVE-2016-0616
<= 5.5.46
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 1
 CVE-2016-0610
<= 5.5.46
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote aut
 CVE-2016-0609
>= 5.5.20 and < 5.5.47
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
 CVE-2016-0608
>= 5.5.20 and < 5.5.47
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
 CVE-2016-0606
>= 5.5.20 and < 5.5.47
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
 CVE-2016-0600
>= 5.5.20 and < 5.5.47
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
 CVE-2016-0598
>= 5.5.20 and < 5.5.47
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
 CVE-2016-0597
>= 5.5.20 and < 5.5.47
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
 CVE-2016-0596
>= 5.5.20 and < 5.5.47
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.
 CVE-2016-0546
>= 5.5.20 and < 5.5.47
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
 CVE-2016-0505
>= 5.5.20 and < 5.5.47
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
 CVE-2016-0502
>= 5.5.0 and < 5.5.32
Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect av
6.5MEDIUM
 CVE-2015-4913
>= 5.5.0 and < 5.5.46
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
 CVE-2015-4895
>= 10.0.0 and < 10.0.21
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via u
 CVE-2015-4879
>= 5.5.0 and < 5.5.45
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to
 CVE-2015-4870
>= 5.5.0 and < 5.5.46
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to
 CVE-2015-4866
>= 10.0.0 and < 10.0.18
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via u
 CVE-2015-4864
>= 5.5.0 and < 5.5.44
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to af
 CVE-2015-4861
>= 5.5.0 and < 5.5.46
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to
 CVE-2015-4858
>= 5.5.0 and < 5.5.46
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to
 CVE-2015-4836
>= 5.5.0 and < 5.5.46
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to
 CVE-2015-4830
>= 5.5.0 and < 5.5.46
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
 CVE-2015-4826
>= 5.5.0 and < 5.5.46
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
 CVE-2015-4819
>= 5.5.0 and < 5.5.45
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confiden
 CVE-2015-4816
>= 5.5.0 and < 5.5.45
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via u
 CVE-2015-4815
>= 5.5.0 and < 5.5.46
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
 CVE-2015-4807
>= 5.5.0 and < 5.5.46
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote
 CVE-2015-4802
>= 5.5.0 and < 5.5.46
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
 CVE-2015-4792
>= 5.5.0 and < 5.5.46
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
 CVE-2015-4757
>= 5.5.0 and < 5.5.43
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to af
 CVE-2015-4752
>= 5.5.0 and < 5.5.44
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to af
 CVE-2015-2648
>= 5.5.0 and < 5.5.44
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to af
 CVE-2015-2643
>= 5.5.0 and < 5.5.44
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to af
 CVE-2015-2620
>= 5.5.0 and < 5.5.44
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to af
 CVE-2015-2582
>= 5.5.0 and < 5.5.44
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to af
 CVE-2015-2573
>= 5.5.0 and < 5.5.42
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to
 CVE-2015-2571
>= 5.5.0 and < 5.5.43
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
 CVE-2015-2568
>= 5.5.0 and < 5.5.42
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect ava
 CVE-2015-0505
>= 5.5.0 and < 5.5.43
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
 CVE-2015-0501
>= 5.5.0 and < 5.5.43
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
 CVE-2015-0499
>= 5.5.0 and < 5.5.43
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
 CVE-2015-0441
>= 5.5.0 and < 5.5.42
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to
 CVE-2015-0433
>= 5.5.0 and < 5.5.42
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to
 CVE-2015-0432
>= 5.5.0 and < 5.5.41
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via v
 CVE-2015-0411
>= 5.5.0 and < 5.5.41
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect con
 CVE-2015-0391
>= 5.5.0 and < 5.5.39
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to
 CVE-2015-0382
>= 5.5.0 and < 5.5.41
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect avail
 CVE-2015-0381
>= 5.5.0 and < 5.5.41
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect avail
 CVE-2015-0374
>= 5.5.0 and < 5.5.41
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to af
 CVE-2014-6568
>= 5.5.0 and < 5.5.41
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to
 CVE-2014-8964
>= 10.0.0 and < 10.0.18
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other uns
 CVE-2014-6564
>= 10.0.0 and < 10.0.13
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via v
 CVE-2014-6559
>= 5.5.0 and < 5.5.40
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect con
 CVE-2014-6555
>= 5.5.0 and < 5.5.40
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to af
 CVE-2014-6551
>= 5.5.0 and < 5.5.39
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidenti
 CVE-2014-6530
>= 5.5.0 and < 5.5.39
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to
 CVE-2014-6520
>= 5.5.0 and < 5.5.39
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via v
 CVE-2014-6507
>= 5.5.0 and < 5.5.40
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to
 CVE-2014-6505
>= 5.5.0 and < 5.5.39
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to
 CVE-2014-6500
>= 5.5.0 and < 5.5.40
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect con
 CVE-2014-6496
>= 5.5.0 and < 5.5.40
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect ava
 CVE-2014-6495
>= 5.5.0 and < 5.5.39
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect ava
 CVE-2014-6494
>= 5.5.0 and < 5.5.40
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect ava
 CVE-2014-6491
>= 5.5.0 and < 5.5.40
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confi
 CVE-2014-6489
>= 10.0.0 and < 10.0.13
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and avai
 CVE-2014-6484
>= 5.5.0 and < 5.5.39
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to
 CVE-2014-6478
>= 5.5.0 and < 5.5.39
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect int
 CVE-2014-6474
>= 10.0.0 and < 10.0.13
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via v
 CVE-2014-6469
>= 5.5.0 and < 5.5.40
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to af
 CVE-2014-6464
>= 5.5.0 and < 5.5.40
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to af
 CVE-2014-6463
>= 5.5.0 and < 5.5.39
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to af
 CVE-2014-4287
>= 5.5.0 and < 5.5.39
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to af
 CVE-2014-4274
>= 5.5.0 and < 5.5.39
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidenti
 CVE-2014-4260
>= 5.5.0 and < 5.5.38
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote
 CVE-2014-4258
>= 5.5.0 and < 5.5.38
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote au
 CVE-2014-4243
>= 5.5.0 and < 5.5.36
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote au
 CVE-2014-4207
>= 5.5.0 and < 5.5.38
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to af
 CVE-2014-2494
>= 5.5.0 and < 5.5.38
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to af
 CVE-2014-3470
>= 10.0.0 and < 10.0.13
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, w
 CVE-2014-0224
>= 10.0.0 and < 10.0.13
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec mes
7.4HIGH
 CVE-2014-0221
>= 10.0.0 and < 10.0.13
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allow
 CVE-2014-0195
>= 10.0.0 and < 10.0.13
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does n
 CVE-2014-0198
>= 10.0.0 and < 10.0.13
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly
 CVE-2014-2440
>= 5.5.0 and < 5.5.37
Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote at
 CVE-2014-2438
>= 5.5.0 and < 5.5.36
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to af
 CVE-2014-2436
>= 5.5.0 and < 5.5.37
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to af
 CVE-2014-2432
>= 5.5.0 and < 5.5.36
Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated
 CVE-2014-2431
>= 5.5.0 and < 5.5.37
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect avail
 CVE-2014-2430
>= 5.5.0 and < 5.5.37
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to af
 CVE-2014-2419
>= 5.5.0 and < 5.5.36
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to af
 CVE-2014-0384
>= 5.5.0 and < 5.5.36
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote au
 CVE-2010-5298
>= 10.0.0 and < 10.0.13
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, al
 CVE-2014-0001
<= 5.5.34
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of s
 CVE-2014-0437
>= 5.5.0 and < 5.5.35
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and ear
 CVE-2014-0420
>= 5.5.0 and < 5.5.35
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote
 CVE-2014-0412
>= 5.5.0 and < 5.5.35
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and ear
 CVE-2014-0402
>= 5.5.0 and < 5.5.34
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and ear
 CVE-2014-0401
>= 5.5.0 and < 5.5.35
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and ear
 CVE-2014-0393
>= 5.5.0 and < 5.5.34
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and ear
 CVE-2014-0386
>= 5.5.0 and < 5.5.34
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and ear
 CVE-2013-5908
>= 5.5.0 and < 5.5.35
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and ear
 CVE-2013-5891
>= 5.5.0 and < 5.5.34
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote au
 CVE-2013-5807
>= 5.5.0 and < 5.5.33
Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users t
 CVE-2013-3839
>= 5.5.0 and < 5.5.33
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and ear
 CVE-2012-5627
>= 5.2.0 and < 5.2.14
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multipl
 CVE-2013-3812
>= 5.5.0 and < 5.5.32
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote au
 CVE-2013-3809
>= 5.5.0 and < 5.5.32
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote au
 CVE-2013-3808
>= 5.5.0 and < 5.5.31
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows
 CVE-2013-3805
>= 5.5.0 and < 5.5.31
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated
 CVE-2013-3804
>= 5.5.0 and < 5.5.32
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and ear
 CVE-2013-3802
>= 5.5.0 and < 5.5.32
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and ear
 CVE-2013-3801
>= 5.5.0 and < 5.5.31
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated
 CVE-2013-3794
>= 5.5.0 and < 5.5.31
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated
 CVE-2013-3793
>= 5.5.0 and < 5.5.32
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote au
 CVE-2013-3783
>= 5.5.0 and < 5.5.32
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to af
 CVE-2013-2392
>= 5.5.0 and < 5.5.31
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticat
 CVE-2013-2391
>= 5.5.0 and < 5.5.31
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to aff
 CVE-2013-2389
>= 5.5.0 and < 5.5.31
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticat
 CVE-2013-2378
>= 5.5.0 and < 5.5.30
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticat
 CVE-2013-2376
>= 5.5.0 and < 5.5.31
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect av
 CVE-2013-2375
>= 5.5.0 and < 5.5.31
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticat
 CVE-2013-1555
>= 5.5.0 and < 5.5.30
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect
 CVE-2013-1552
>= 5.5.0 and < 5.5.30
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect co
 CVE-2013-1548
>= 5.1.0 and < 5.1.66
Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown
 CVE-2013-1544
>= 5.5.0 and < 5.5.31
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticat
 CVE-2013-1532
>= 5.5.0 and < 5.5.31
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticat
 CVE-2013-1531
>= 5.1.0 and < 5.1.67
Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect co
 CVE-2013-1526
>= 5.5.0 and < 5.5.30
Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown
 CVE-2013-1523
>= 5.5.0 and < 5.5.30
Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect co
 CVE-2013-1521
>= 5.5.0 and < 5.5.30
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect co
 CVE-2013-1512
>= 5.5.0 and < 5.5.30
Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown
 CVE-2013-1511
>= 5.5.0 and < 5.5.31
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect av
 CVE-2013-1506
>= 5.5.0 and < 5.5.30
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticat
 CVE-2013-1502
>= 5.5.0 and < 5.5.31
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via u
 CVE-2013-1861
>= 5.5.0 and < 5.5.32
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlie
 CVE-2012-4414
all versions
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5
 CVE-2013-0389
>= 5.1.0 and < 5.1.67
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authen
 CVE-2013-0386
>= 5.5.0 and < 5.5.29
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect a
 CVE-2013-0385
>= 5.1.0 and < 5.1.67
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users t
 CVE-2013-0384
>= 5.1.0 and < 5.1.67
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authen
 CVE-2013-0383
>= 5.1.0 and < 5.1.67
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attack
 CVE-2013-0375
>= 5.1.0 and < 5.1.67
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authen
5.4MEDIUM
 CVE-2013-0371
>= 5.5.0 and < 5.5.29
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect a
 CVE-2013-0368
>= 5.5.0 and < 5.5.29
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect a
 CVE-2013-0367
>= 5.5.0 and < 5.5.29
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect a
 CVE-2012-5096
>= 5.5.0 and < 5.5.29
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server
 CVE-2012-5060
>= 5.1.0 and < 5.1.66
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenti
 CVE-2012-1705
>= 5.1.0 and < 5.1.67
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenti
 CVE-2012-1702
>= 5.1.0 and < 5.1.67
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attacker
 CVE-2012-0578
>= 5.5.0 and < 5.5.29
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect a
 CVE-2012-0574
>= 5.1.0 and < 5.1.67
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authen
 CVE-2012-0572
>= 5.1.0 and < 5.1.67
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenti
 CVE-2012-5615
all versions
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, gen
 CVE-2012-5614
>= 5.5.0 and < 5.5.30
Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticat
 CVE-2012-5613
all versions
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE priv
 CVE-2012-5612
>= 5.1.0 and < 5.1.67
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versio
 CVE-2012-5611
all versions
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other
 CVE-2012-3197
>= 5.1.0 and < 5.1.66
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote
 CVE-2012-3180
>= 5.1.0 and < 5.1.66
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote
 CVE-2012-3177
>= 5.1.0 and < 5.1.66
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote
 CVE-2012-3173
>= 5.1.0 and < 5.1.66
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote
 CVE-2012-3167
>= 5.1.0 and < 5.1.66
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote
 CVE-2012-3166
>= 5.1.0 and < 5.1.66
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote
 CVE-2012-3163
>= 5.1 and < 5.1.66
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote
 CVE-2012-3160
>= 5.1.0 and < 5.1.66
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local u
 CVE-2012-3158
>= 5.1.0 and < 5.1.66
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote
 CVE-2012-3150
>= 5.1.0 and < 5.1.66
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote
 CVE-2012-2750
>= 5.5.0 and <= 5.5.23
Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug
 CVE-2012-1757
>= 5.5.0 and < 5.5.24
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via u
 CVE-2012-1756
>= 5.5.0 and < 5.5.24
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via u
 CVE-2012-1735
>= 5.5.0 and < 5.5.24
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via u
 CVE-2012-1734
>= 5.1.0 and < 5.1.66
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to
 CVE-2012-1689
>= 5.1.0 and < 5.1.66
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to
 CVE-2012-0540
>= 5.1.0 and < 5.1.66
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to af
 CVE-2012-2122
all versions
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62,
 CVE-2012-1703
>= 5.1.0 and < 5.1.62
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote
 CVE-2012-1697
>= 5.5.0 and < 5.5.22
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to af
 CVE-2012-1690
>= 5.1.0 and < 5.1.62
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote
 CVE-2012-1688
>= 5.1.0 and < 5.1.62
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote
 CVE-2009-4484
>= 5.1 and < 5.1.42
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as us
 CVE-2005-0004
>= 5.5.0 and < 5.5.66
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, all
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin