Debian Mariadb-10.5 vulnerabilities

80 known vulnerabilities affecting debian/mariadb-10.5.

Total CVEs: 80
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 40, MEDIUM 37, LOW 2

Vulnerabilities

Page 1 of 4
CVE-2025-13699 | HIGH | CVSS 7.0 | fixed in mariadb 1:11.8.5-1 (forky) | 2025
CVE-2025-13699 [HIGH]: mariadb - MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists withi
debian
CVE-2025-30693 | MEDIUM | CVSS 5.5 | fixed in mariadb 1:10.11.13-0+deb12u1 (bookworm) | 2025
CVE-2025-30693 [MEDIUM]: mariadb - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized
debian
CVE-2025-30722 | MEDIUM | CVSS 5.3 | fixed in mariadb 1:10.11.13-0+deb12u1 (bookworm) | 2025
CVE-2025-30722 [MEDIUM]: mariadb - Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in
debian
CVE-2025-21490 | MEDIUM | CVSS 4.9 | fixed in mariadb 1:10.11.11-0+deb12u1 (bookworm) | 2025
CVE-2025-21490 [MEDIUM]: mariadb - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in
debian
CVE-2024-21096 | MEDIUM | CVSS 4.9 | fixed in mariadb 1:10.11.11-0+deb12u1 (bookworm) | 2024
CVE-2024-21096 [MEDIUM]: mariadb - Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability
debian
CVE-2023-52969 | MEDIUM | CVSS 4.9 | fixed in mariadb 1:10.11.13-0+deb12u1 (bookworm) | 2023
CVE-2023-52969 [MEDIUM]: mariadb - MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2. Scope: local; bookworm: resolved (fixed in 1:10.11.13-0+deb12u1); forky: resolved (fixed in 1:11.8.2-1); sid: resolved (fixed in 1:11.8.2-1); trixie: re
debian
CVE-2023-22084 | MEDIUM | CVSS 4.9 | fixed in mariadb 1:10.11.6-0+deb12u1 (bookworm) | 2023
CVE-2023-22084 [MEDIUM]: mariadb - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthori
debian
CVE-2023-52971 | MEDIUM | CVSS 4.9 | fixed in mariadb 1:10.11.13-0+deb12u1 (bookworm) | 2023
CVE-2023-52971 [MEDIUM]: mariadb - MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan. Scope: local; bookworm: resolved (fixed in 1:10.11.13-0+deb12u1); forky: resolved (fixed in 1:11.8.2-1); sid: resolved (fixed in 1:11.8.2-1); trixie: resolved (fixed in 1:11.8.2-1)
debian
CVE-2023-52970 | MEDIUM | CVSS 4.9 | fixed in mariadb 1:10.11.13-0+deb12u1 (bookworm) | 2023
CVE-2023-52970 [MEDIUM]: mariadb - MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where. Scope: local; bookworm: resolved (fixed in 1:10.11.13-0+deb12u1); forky: resolved (fixed in 1:11.8.2-1); sid: resolved (fixed in 1:11.8.2-1); trixie: resolved (fixed in 1:11.8.
debian
CVE-2023-52968 | LOW | CVSS 4.9 | fixed in mariadb-10.5 1:10.5.26-0+deb11u1 (bullseye) | 2023
CVE-2023-52968 [MEDIUM]: mariadb - MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash. Scope: local; bookworm: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2022-27386 | HIGH | CVSS 7.5 | fixed in mariadb-10.5 1:10.5.18-0+deb11u1 (bullseye) | 2022
CVE-2022-27386 [HIGH]: mariadb-10.5 - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. Scope: local; bullseye: resolved (fixed in 1:10.5.18-0+deb11u1)
debian
CVE-2022-27448 | HIGH | CVSS 7.5 | fixed in mariadb-10.5 1:10.5.18-0+deb11u1 (bullseye) | 2022
CVE-2022-27448 [HIGH]: mariadb-10.5 - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. Scope: local; bullseye: resolved (fixed in 1:10.5.18-0+deb11u1)
debian
CVE-2022-27382 | HIGH | CVSS 7.5 | fixed in mariadb-10.5 1:10.5.18-0+deb11u1 (bullseye) | 2022
CVE-2022-27382 [HIGH]: mariadb-10.5 - MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. Scope: local; bullseye: resolved (fixed in 1:10.5.18-0+deb11u1)
debian
CVE-2022-32082 | HIGH | CVSS 7.5 | fixed in mariadb-10.5 1:10.5.18-0+deb11u1 (bullseye) | 2022
CVE-2022-32082 [HIGH]: mariadb-10.5 - MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. Scope: local; bullseye: resolved (fixed in 1:10.5.18-0+deb11u1)
debian
CVE-2022-32083 | HIGH | CVSS 7.5 | fixed in mariadb-10.5 1:10.5.18-0+deb11u1 (bullseye) | 2022
CVE-2022-32083 [HIGH]: mariadb-10.5 - MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. Scope: local; bullseye: resolved (fixed in 1:10.5.18-0+deb11u1)
debian
CVE-2022-27387 | HIGH | CVSS 7.5 | fixed in mariadb-10.5 1:10.5.18-0+deb11u1 (bullseye) | 2022
CVE-2022-27387 [HIGH]: mariadb-10.5 - MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. Scope: local; bullseye: resolved (fixed in 1:10.5.18-0+deb11u1)
debian
CVE-2022-32081 | HIGH | CVSS 7.5 | fixed in mariadb-10.5 1:10.5.18-0+deb11u1 (bullseye) | 2022
CVE-2022-32081 [HIGH]: mariadb-10.5 - MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. Scope: local; bullseye: resolved (fixed in 1:10.5.18-0+deb11u1)
debian
CVE-2022-27378 | HIGH | CVSS 7.5 | fixed in mariadb-10.5 1:10.5.18-0+deb11u1 (bullseye) | 2022
CVE-2022-27378 [HIGH]: mariadb-10.5 - An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Scope: local; bullseye: resolved (fixed in 1:10.5.18-0+deb11u1)
debian
CVE-2022-27455 | HIGH | CVSS 7.5 | fixed in mariadb-10.5 1:10.5.18-0+deb11u1 (bullseye) | 2022
CVE-2022-27455 [HIGH]: mariadb-10.5 - MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. Scope: local; bullseye: resolved (fixed in 1:10.5.18-0+deb11u1)
debian
CVE-2022-27449 | HIGH | CVSS 7.5 | fixed in mariadb-10.5 1:10.5.18-0+deb11u1 (bullseye) | 2022
CVE-2022-27449 [HIGH]: mariadb-10.5 - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. Scope: local; bullseye: resolved (fixed in 1:10.5.18-0+deb11u1)
debian