Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
MariaDB Server Number Of NVD 399 CRITICAL 3 HIGH 70 MEDIUM 277 LOW 49
URL https://mariadb.org/
Explanation It is a relational database management system (RDBMS) derived from MySQL.
Paid support is available for MariaDB Enterprise Server.
Since many Linux distributions have replaced MySQL with MariaDB, it is now easier to use on Linux.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag
  • 商用ライセンス有り
  • オープンソース
  • GPL v2
Add Information URL
No Type Name URL
1 https://downloads.mariadb.org/mariadb/+releases/
2 https://mariadb.com/wp-content/uploads/2019/07/mariadb-engineering-policies-v2-01_policy_1036.pdf
3 https://mariadb.com/downloads/
4 https://mariadb.com/kb/en/mariadb-server/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
291 MariaDB 11.2 11.2.6 Nov. 1, 2024 June 20, 2023 0 0 0 0
292 MariaDB 11.1 11.1.6 Aug. 8, 2024 March 27, 2023 0 0 0 0
293 MariaDB 11.0 11.0.6 May 16, 2024 Dec. 27, 2022 June 30, 2024 0 0 0 0
294 MariaDB 10.11 10.11.13 May 22, 2025 Sept. 26, 2022 Feb. 28, 2028 0 0 1 0
295 MariaDB 10.10 10.10.7 Nov. 13, 2023 June 21, 2022 Nov. 30, 2023 0 0 1 0
296 MariaDB 10.9 10.9.8 Aug. 14, 2023 March 23, 2022 0 7 2 0
297 MariaDB 10.8 10.8.8 May 10, 2023 Dec. 21, 2021 0 14 2 0
298 MariaDB 10.7 10.7.8 Feb. 6, 2023 Sept. 17, 2021 Feb. 28, 2023 0 40 10 0
299 MariaDB 10.6 10.6.22 May 6, 2025 April 26, 2021 June 30, 2026 0 41 20 0
300 MariaDB 10.5 10.5.29 May 6, 2025 Dec. 3, 2019 June 24, 2025 1 43 30 0
301 MariaDB 10.4 10.4.34 May 16, 2024 July 2, 2019 July 2, 2022 1 44 46 2
302 MariaDB 10.3 10.3.39 May 10, 2023 May 25, 2018 May 25, 2023 2 35 63 3
303 MariaDB 10.2 10.2.44 May 20, 2022 May 23, 2017 May 23, 2022 2 31 99 6
304 MariaDB 10.1 10.1.48 Nov. 3, 2020 Oct. 17, 2015 Oct. 17, 2020 3 19 115 21
305 MariaDB 5.3 5.3.9 Jan. 1, 2000 0 10 23 1
306 MariaDB 5.2 5.2.9 Jan. 1, 2000 0 10 23 1
307 MariaDB 5.1 5.1.67 Jan. 1, 2000 0 13 34 5
308 MariaDB 2.5 2.5.1 Jan. 1, 2000 0 10 7 1
309 MariaDB 2.4 2.4.2 Jan. 1, 2000 0 10 7 1
310 MariaDB 2.3 2.3.1 Jan. 1, 2000 0 10 7 1
311 MariaDB 2.2 2.2.0 Jan. 1, 2000 0 10 7 1
312 MariaDB 2.1 2.13.0 Jan. 1, 2000 0 11 7 1
313 MariaDB 2.0 2.0.5 Jan. 1, 2000 0 10 7 1
314 MariaDB 1.0 1.0.2 Jan. 1, 2000 0 10 7 1
315 MariaDB 0.7 0.7.0 Jan. 1, 2000 0 10 7 1
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
291 -
4.1 		MEDIUM Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyIS… NVD-CWE-noinfo
CVE-2014-4274 cpe:2.3:a:mariadb:mariadb:*:* 10.0.0
5.5.0

10.0.13
5.5.39 		2024-11-21 11:09
2014-10-16 		Show GitHub Exploit DB Packet Storm
292 -
5.5 		MEDIUM Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors … NVD-CWE-noinfo
CVE-2014-4260 cpe:2.3:a:mariadb:mariadb:*:* 5.5.0
10.0.0

5.5.38
10.0.12 		2024-11-21 11:09
2014-07-17 		Show GitHub Exploit DB Packet Storm
293 -
6.5 		MEDIUM Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availabil… NVD-CWE-noinfo
CVE-2014-4258 cpe:2.3:a:mariadb:mariadb:*:* 5.5.0
10.0.0

5.5.38
10.0.12 		2024-11-21 11:09
2014-07-17 		Show GitHub Exploit DB Packet Storm
294 -
2.8 		LOW Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED. NVD-CWE-noinfo
CVE-2014-4243 cpe:2.3:a:mariadb:mariadb:*:* 5.5.0
10.0.0

5.5.36
10.0.9 		2024-11-21 11:09
2014-07-17 		Show GitHub Exploit DB Packet Storm
295 -
4.0 		MEDIUM Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. NVD-CWE-noinfo
CVE-2014-4207 cpe:2.3:a:mariadb:mariadb:*:* 5.5.0
10.0.0

5.5.38
10.0.12 		2024-11-21 11:09
2014-07-17 		Show GitHub Exploit DB Packet Storm
296 -
4.0 		MEDIUM Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC. NVD-CWE-noinfo
CVE-2014-2494 cpe:2.3:a:mariadb:mariadb:*:* 5.5.0
10.0.0

5.5.38
10.0.12 		2024-11-21 11:06
2014-07-17 		Show GitHub Exploit DB Packet Storm
297 -
4.3 		MEDIUM The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers t… CWE-476
 NULL Pointer Dereference 		CVE-2014-3470 cpe:2.3:a:mariadb:mariadb:*:* 10.0.0 10.0.13 2024-11-21 11:08
2014-06-6 		Show GitHub Exploit DB Packet Storm
298 -
4.3 		MEDIUM The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client… NVD-CWE-noinfo
CVE-2014-0221 cpe:2.3:a:mariadb:mariadb:*:* 10.0.0 10.0.13 2024-11-21 11:01
2014-06-6 		Show GitHub Exploit DB Packet Storm
299 -
6.8 		MEDIUM The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, w… CWE-120
Classic Buffer Overflow 		CVE-2014-0195 cpe:2.3:a:mariadb:mariadb:*:* 10.0.0 10.0.13 2024-11-21 11:01
2014-06-6 		Show GitHub Exploit DB Packet Storm
300 7.4
5.8 		HIGH
Network 		OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a z… CWE-326
Inadequate Encryption Strength 		CVE-2014-0224 cpe:2.3:a:mariadb:mariadb:*:* 10.0.0 10.0.13 2024-11-21 11:01
2014-06-6 		Show GitHub Exploit DB Packet Storm