mariadb (AlmaLinux:9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:9 package mariadb, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2022-24051 — CVSS 7.8 (high): MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate…
CVE-2022-24050 — CVSS 7.8 (high): MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate…
CVE-2022-27377 — CVSS 7.5 (high): MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited…
CVE-2022-27384 — CVSS 7.5 (high): An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to…
CVE-2022-27386 — CVSS 7.5 (high): MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.
CVE-2022-27387 — CVSS 7.5 (high): MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via…
CVE-2022-27444 — CVSS 7.5 (high): MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.
CVE-2022-27445 — CVSS 7.5 (high): MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
CVE-2022-27446 — CVSS 7.5 (high): MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.
CVE-2022-27447 — CVSS 7.5 (high): MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at…
CVE-2022-27448 — CVSS 7.5 (high): There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
CVE-2022-27449 — CVSS 7.5 (high): MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
CVE-2022-27451 — CVSS 7.5 (high): MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.
CVE-2022-27452 — CVSS 7.5 (high): MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
CVE-2022-27455 — CVSS 7.5 (high): MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at…
CVE-2022-27456 — CVSS 7.5 (high): MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
CVE-2022-27457 — CVSS 7.5 (high): MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.
CVE-2022-32081 — CVSS 7.5 (high): MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alt…
CVE-2022-32082 — CVSS 7.5 (high): MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
CVE-2022-32084 — CVSS 7.5 (high): MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
CVE-2022-32089 — CVSS 7.5 (high): MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
CVE-2022-32091 — CVSS 7.5 (high): MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_in…
CVE-2023-5157 — CVSS 7.5 (high): A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of…
CVE-2021-46669 — CVSS 7.5 (high): MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
CVE-2022-27376 — CVSS 7.5 (high): MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via…
CVE-2022-27378 — CVSS 7.5 (high): An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial…
CVE-2022-27379 — CVSS 7.5 (high): An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause…
CVE-2022-27380 — CVSS 7.5 (high): An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of…
CVE-2022-27381 — CVSS 7.5 (high): An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of…
CVE-2022-27382 — CVSS 7.5 (high): MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_fo…
CVE-2022-27383 — CVSS 7.5 (high): MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via…
CVE-2022-47015 — CVSS 6.5 (medium): MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings…
CVE-2021-46664 — CVSS 5.5 (medium): MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
CVE-2021-46661 — CVSS 5.5 (medium): MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression…
CVE-2025-30693 — CVSS 5.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41…
CVE-2021-46659 — CVSS 5.5 (medium): MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
CVE-2022-38791 — CVSS 5.5 (medium): In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which…
CVE-2021-46668 — CVSS 5.5 (medium): MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine…
CVE-2021-46665 — CVSS 5.5 (medium): MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
CVE-2022-31622 — CVSS 5.5 (medium): MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create…
CVE-2022-31623 — CVSS 5.5 (medium): MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to…
CVE-2025-30722 — CVSS 5.3 (medium): Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are…
CVE-2023-52970 — CVSS 4.9 (medium): MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in…
CVE-2024-21096 — CVSS 4.9 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36…
CVE-2023-52969 — CVSS 4.9 (medium): MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty…
CVE-2023-52971 — CVSS 4.9 (medium): MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.
CVE-2023-22084 — CVSS 4.9 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior…
CVE-2025-21490 — CVSS 4.9 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior…
CVE-2022-27458: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27447. Reason: This candidate is a reservation duplicate of…