| MariaDB Server | Number Of NVD | 399 | CRITICAL | 3 | HIGH | 70 | MEDIUM | 277 | LOW | 49 |
| URL | https://mariadb.org/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | It is a relational database management system (RDBMS) derived from MySQL. Paid support is available for MariaDB Enterprise Server. Since many Linux distributions have replaced MySQL with MariaDB, it is now easier to use on Linux. It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP). |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | https://downloads.mariadb.org/mariadb/+releases/ | ||
| 2 | https://mariadb.com/wp-content/uploads/2019/07/mariadb-engineering-policies-v2-01_policy_1036.pdf | ||
| 3 | https://mariadb.com/downloads/ | ||
| 4 | https://mariadb.com/kb/en/mariadb-server/ |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 41 | MariaDB 11.2 | 11.2.6 | Nov. 1, 2024 | June 20, 2023 | 0 | 0 | 0 | 0 | |||
| 42 | MariaDB 11.1 | 11.1.6 | Aug. 8, 2024 | March 27, 2023 | 0 | 0 | 0 | 0 | |||
| 43 | MariaDB 11.0 | 11.0.6 | May 16, 2024 | Dec. 27, 2022 | June 30, 2024 | 0 | 0 | 0 | 0 | ||
| 44 | MariaDB 10.11 | 10.11.13 | May 22, 2025 | Sept. 26, 2022 | Feb. 28, 2028 | 0 | 0 | 1 | 0 | ||
| 45 | MariaDB 10.10 | 10.10.7 | Nov. 13, 2023 | June 21, 2022 | Nov. 30, 2023 | 0 | 0 | 1 | 0 | ||
| 46 | MariaDB 10.9 | 10.9.8 | Aug. 14, 2023 | March 23, 2022 | 0 | 7 | 2 | 0 | |||
| 47 | MariaDB 10.8 | 10.8.8 | May 10, 2023 | Dec. 21, 2021 | 0 | 14 | 2 | 0 | |||
| 48 | MariaDB 10.7 | 10.7.8 | Feb. 6, 2023 | Sept. 17, 2021 | Feb. 28, 2023 | 0 | 40 | 10 | 0 | ||
| 49 | MariaDB 10.6 | 10.6.22 | May 6, 2025 | April 26, 2021 | June 30, 2026 | 0 | 41 | 20 | 0 | ||
| 50 | MariaDB 10.5 | 10.5.29 | May 6, 2025 | Dec. 3, 2019 | June 24, 2025 | 1 | 43 | 30 | 0 | ||
| 51 | MariaDB 10.4 | 10.4.34 | May 16, 2024 | July 2, 2019 | July 2, 2022 | 1 | 44 | 46 | 2 | ||
| 52 | MariaDB 10.3 | 10.3.39 | May 10, 2023 | May 25, 2018 | May 25, 2023 | 2 | 35 | 63 | 3 | ||
| 53 | MariaDB 10.2 | 10.2.44 | May 20, 2022 | May 23, 2017 | May 23, 2022 | 2 | 31 | 99 | 6 | ||
| 54 | MariaDB 10.1 | 10.1.48 | Nov. 3, 2020 | Oct. 17, 2015 | Oct. 17, 2020 | 3 | 19 | 115 | 21 | ||
| 55 | MariaDB 5.3 | 5.3.9 | Jan. 1, 2000 | 0 | 10 | 23 | 1 | ||||
| 56 | MariaDB 5.2 | 5.2.9 | Jan. 1, 2000 | 0 | 10 | 23 | 1 | ||||
| 57 | MariaDB 5.1 | 5.1.67 | Jan. 1, 2000 | 0 | 13 | 34 | 5 | ||||
| 58 | MariaDB 2.5 | 2.5.1 | Jan. 1, 2000 | 0 | 10 | 7 | 1 | ||||
| 59 | MariaDB 2.4 | 2.4.2 | Jan. 1, 2000 | 0 | 10 | 7 | 1 | ||||
| 60 | MariaDB 2.3 | 2.3.1 | Jan. 1, 2000 | 0 | 10 | 7 | 1 | ||||
| 61 | MariaDB 2.2 | 2.2.0 | Jan. 1, 2000 | 0 | 10 | 7 | 1 | ||||
| 62 | MariaDB 2.1 | 2.13.0 | Jan. 1, 2000 | 0 | 11 | 7 | 1 | ||||
| 63 | MariaDB 2.0 | 2.0.5 | Jan. 1, 2000 | 0 | 10 | 7 | 1 | ||||
| 64 | MariaDB 1.0 | 1.0.2 | Jan. 1, 2000 | 0 | 10 | 7 | 1 | ||||
| 65 | MariaDB 0.7 | 0.7.0 | Jan. 1, 2000 | 0 | 10 | 7 | 1 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 41 |
7.5 5.0 |
HIGH
Network |
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. |
CWE-89
SQL Injection |
CVE-2022-27378 |
cpe:2.3:a:mariadb:mariadb:10.9:* cpe:2.3:a:mariadb:mariadb:*:* |
10.3.0 10.7.0 10.4.0 10.5.0 10.6.0 10.2.0 10.8.0 |
|
|
10.3.35 10.7.4 10.4.25 10.5.16 10.6.8 10.2.44 10.8.3 |
2024-11-21 15:55 2022-04-13 |
Show | GitHub Exploit DB Packet Storm |
| 42 |
7.5 5.0 |
HIGH
Network |
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. |
CWE-416
Use After Free |
CVE-2022-27377 | cpe:2.3:a:mariadb:mariadb:*:* |
10.3.0 10.7.0 10.4.0 10.5.0 10.6.0 10.2.0 |
|
|
10.3.35 10.7.4 10.4.25 10.5.16 10.6.8 10.2.44 |
2024-11-21 15:55 2022-04-13 |
Show | GitHub Exploit DB Packet Storm |
| 43 |
7.5 5.0 |
HIGH
Network |
MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. |
CWE-416
Use After Free |
CVE-2022-27376 | cpe:2.3:a:mariadb:mariadb:*:* |
10.3.0 10.7.0 10.4.0 10.5.0 10.6.0 |
|
|
10.3.35 10.7.4 10.4.25 10.5.16 10.6.8 |
2024-11-21 15:55 2022-04-13 |
Show | GitHub Exploit DB Packet Storm |
| 44 |
7.5 5.0 |
HIGH
Network |
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
CWE-787
Out-of-bounds Write |
CVE-2018-25032 | cpe:2.3:a:mariadb:mariadb:*:* |
10.3.0 10.4.0 10.5.0 10.6.0 10.7.0 10.8.0 10.9.0 |
|
|
10.3.36 10.4.26 10.5.17 10.6.9 10.7.5 10.8.4 10.9.2 |
2024-11-21 13:03 2022-03-25 |
Show | GitHub Exploit DB Packet Storm |
| 45 |
7.5 5.0 |
HIGH
Network |
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates tha… |
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop') |
CVE-2022-0778 | cpe:2.3:a:mariadb:mariadb:*:* |
10.2.0 10.3.0 10.4.0 10.5.0 10.6.0 10.7.0 |
|
|
10.2.42 10.3.33 10.4.23 10.5.14 10.6.6 10.7.2 |
2026-04-14 19:16 2022-03-16 |
Show | GitHub Exploit DB Packet Storm |
| 46 |
7.8 4.6 |
HIGH
Local |
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Au… | - | CVE-2022-24052 |
cpe:2.3:a:mariadb:mariadb:10.8.0:* cpe:2.3:a:mariadb:mariadb:*:* |
10.3.0 10.4.0 10.5.0 10.7.0 10.6.0 10.2.0 |
|
|
10.3.33 10.4.23 10.5.14 10.7.2 10.6.6 10.2.42 |
2024-11-21 15:49 2022-02-19 |
Show | GitHub Exploit DB Packet Storm |
| 47 |
7.8 4.6 |
HIGH
Local |
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication … | - | CVE-2022-24051 |
cpe:2.3:a:mariadb:mariadb:10.8.0:* cpe:2.3:a:mariadb:mariadb:*:* |
10.3.0 10.4.0 10.5.0 10.7.0 10.6.0 10.2.0 |
|
|
10.3.33 10.4.23 10.5.14 10.7.2 10.6.6 10.2.42 |
2024-11-21 15:49 2022-02-19 |
Show | GitHub Exploit DB Packet Storm |
| 48 |
7.8 4.6 |
HIGH
Local |
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication… | - | CVE-2022-24050 |
cpe:2.3:a:mariadb:mariadb:10.8.0:* cpe:2.3:a:mariadb:mariadb:*:* |
10.3.0 10.4.0 10.5.0 10.7.0 10.6.0 10.2.0 |
|
|
10.3.33 10.4.23 10.5.14 10.7.2 10.6.6 10.2.42 |
2024-11-21 15:49 2022-02-19 |
Show | GitHub Exploit DB Packet Storm |
| 49 |
7.8 4.6 |
HIGH
Local |
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. A… | - | CVE-2022-24048 |
cpe:2.3:a:mariadb:mariadb:10.8.0:* cpe:2.3:a:mariadb:mariadb:*:* |
10.3.0 10.4.0 10.5.0 10.7.0 10.6.0 10.2.0 |
|
|
10.3.33 10.4.23 10.5.14 10.7.2 10.6.6 10.2.42 |
2024-11-21 15:49 2022-02-19 |
Show | GitHub Exploit DB Packet Storm |
| 50 |
7.5 5.0 |
HIGH
Network |
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. |
CWE-416
Use After Free |
CVE-2021-46669 | cpe:2.3:a:mariadb:mariadb:*:* |
10.3.0 10.7.0 10.4.0 10.5.0 10.6.0 |
|
|
10.3.35 10.7.4 10.4.25 10.5.16 10.6.8 10.2.44 |
2024-11-21 15:34 2022-02-1 |
Show | GitHub Exploit DB Packet Storm |