MariaDB 10.2

zlib: Big-endian out-of-bounds pointer

mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep

mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks

mariadb: lack of validating the existence of an object prior to performing operations on the object

mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer

mariadb: lack of proper validation of a user-supplied string before using it as a format specifier

mariadb: CONNECT storage engine heap-based buffer overflow

mysql: Server: DML unspecified vulnerability (CPU Apr 2017)

mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)

mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)

mysql: prepared statement handle use-after-free after disconnect

mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used

mariadb: server crashes in query_arena::set_query_arena upon SELECT from view

mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c

mariadb: crash via component Item_subselect::init_expr_cache_tracker

mariadb: server crash in create_tmp_table::finalize

mariadb: assertion failure in compare_order_elements

mariadb: use-after-poison when complex conversion is involved in blob

mariadb: server crash at Field::set_default via specially crafted SQL statements

mariadb: assertion failures in decimal_bin_size

mariadb: server crash at my_decimal::operator=

mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort

mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor

mariadb: server crash at Item_subselect::init_expr_cache_tracker

Infinite loop in BN_mod_sqrt() reachable when parsing certificates

mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user

mysql: Server: Parser unspecified vulnerability (CPU Apr 2021)

mysql: Server: Partition unspecified vulnerability (CPU Jan 2018)

mysql: InnoDB unspecified vulnerability (CPU Jul 2018)

mariadb: Named pipe permission issue on Windows

mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)

mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2017)

mysql: Client programs unspecified vulnerability (CPU Oct 2017)

mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)

mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)

mysql: InnoDB unspecified vulnerability (CPU Apr 2018)

mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)

mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)

mysql: InnoDB unspecified vulnerability (CPU Apr 2018)

mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)

mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)

mysql: InnoDB unspecified vulnerability (CPU Jan 2018)

mysql: InnoDB unspecified vulnerability (CPU Apr 2018)

mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)

mysql: InnoDB unspecified vulnerability (CPU Jul 2018)

mysql: Server: Parser unspecified vulnerability (CPU Oct 2018)

mysql: InnoDB unspecified vulnerability (CPU Oct 2018)

mysql: Server: Parser unspecified vulnerability (CPU Jan 2019)

mysql: InnoDB unspecified vulnerability (CPU Oct 2018)

mysql: InnoDB unspecified vulnerability (CPU Oct 2018)

mysql: Server: XML unspecified vulnerability (CPU Jul 2019)

mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)

mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)

mysql: Server: DML unspecified vulnerability (CPU Apr 2020)

mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)

mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019)

mysql: Client programs unspecified vulnerability (CPU Apr 2018)

mysql: C API unspecified vulnerability (CPU Jan 2020)

mysql: C API unspecified vulnerability (CPU Jan 2021)

mysql: InnoDB unspecified vulnerability (CPU Jul 2021)

mysql: InnoDB unspecified vulnerability (CPU Apr 2018)

mysql: InnoDB unspecified vulnerability (CPU Apr 2018)

mysql: InnoDB unspecified vulnerability (CPU Oct 2018)

mysql: InnoDB unspecified vulnerability (CPU Jul 2019)

mysql: InnoDB unspecified vulnerability (CPU Apr 2020)

mariadb: Crash executing query with VIEW, aggregate and subquery

mariadb: Integer overflow in sql_lex.cc integer leading to crash

mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref

mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)

mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause

mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations

mariadb: save_window_function_values triggers an abort during IN subquery

mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements

mysql: InnoDB unspecified vulnerability (CPU Oct 2021)

mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr

mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements

mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c

mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc

mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc

mysql: Client programs unspecified vulnerability (CPU Jul 2017)

mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018)

mysql: C API unspecified vulnerability (CPU Jul 2020)

mysql: C API unspecified vulnerability (CPU Apr 2020)

mariadb: improper locking due to unreleased lock in the ds_xbstream.cc

mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019)

mysql: Client programs unspecified vulnerability (CPU Jul 2018)

mysql: Server: DML unspecified vulnerability (CPU Apr 2017)

mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017)

mysql: Server: DML unspecified vulnerability (CPU Jul 2017)

mysql: InnoDB unspecified vulnerability (CPU Apr 2018)

mysql: InnoDB unspecified vulnerability (CPU Apr 2018)

mysql: InnoDB unspecified vulnerability (CPU Apr 2018)

mysql: InnoDB unspecified vulnerability (CPU Apr 2018)

mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)

mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018)

mysql: InnoDB unspecified vulnerability (CPU Oct 2018)

mysql: Server: DDL unspecified vulnerability (CPU Jan 2019)

mysql: InnoDB unspecified vulnerability (CPU Oct 2018)

mysql: InnoDB unspecified vulnerability (CPU Jan 2019)

mysql: InnoDB unspecified vulnerability (CPU Oct 2018)

mysql: InnoDB unspecified vulnerability (CPU Oct 2018)

mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018)

mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019)

mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)

mysql: InnoDB unspecified vulnerability (CPU Apr 2019)

mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)

mysql: InnoDB unspecified vulnerability (CPU Apr 2020)

mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)

mysql: InnoDB unspecified vulnerability (CPU Oct 2020)

mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)

mysql: InnoDB unspecified vulnerability (CPU Apr 2021)

mysql: InnoDB unspecified vulnerability (CPU Apr 2021)

mysql: Server: DML unspecified vulnerability (CPU Apr 2021)

mysql: Server: DML unspecified vulnerability (CPU Apr 2021)

mysql: Server: FTS unspecified vulnerability (CPU Apr 2022)

mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017)

mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017)

mysql: Server: Locking unspecified vulnerability (CPU Apr 2018)

mysql: InnoDB unspecified vulnerability (CPU Oct 2018)

mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)

mysql: InnoDB unspecified vulnerability (CPU Oct 2019)

mysql: InnoDB unspecified vulnerability (CPU Jan 2021)

mysql: InnoDB unspecified vulnerability (CPU Apr 2021)

mysql: InnoDB unspecified vulnerability (CPU Jul 2021)

mysql: InnoDB unspecified vulnerability (CPU Apr 2022)

mysql: C API unspecified vulnerability (CPU Oct 2022)

mysql: Server: DDL unspecified vulnerability (CPU Apr 2017)

mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)

mysql: MyISAM unspecified vulnerability (CPU Jul 2018)

mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)

mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017)

mysql: C API unspecified vulnerability (CPU Apr 2020)

mysql: C API unspecified vulnerability (CPU Jan 2021)

mysql: Server: Options unspecified vulnerability (CPU Jul 2018)

mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)

mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM)