Critical 9.0
2021-05-27< 10.4.15
mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep
MariaDB 10.4
High 7.8
2020-02-04≥ 10.4.7 and ≤ 10.4.11
mariadb: mysql_install_db allows privilege escalation due to unsafe chown and chmod operations
High 7.8
2022-02-18< 10.4.23
mariadb: lack of validating the existence of an object prior to performing operations on the object
High 7.8
2022-02-18< 10.4.23
mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer
High 7.8
2022-02-18< 10.4.23
mariadb: lack of proper validation of a user-supplied string before using it as a format specifier
High 7.8
2022-02-18< 10.4.23
mariadb: CONNECT storage engine heap-based buffer overflow
High 7.5
2022-02-01< 10.4.25
mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used
High 7.5
2022-04-14< 10.4.25
mariadb: incorrect key in "dup value" error after long unique
High 7.5
2022-04-12< 10.4.25
mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order
High 7.5
2022-04-12< 10.4.25
mariadb: server crashes in query_arena::set_query_arena upon SELECT from view
High 7.5
2022-04-14< 10.4.25
mariadb: assertion failure in sql/item_func.cc
High 7.5
2022-04-14< 10.4.25
mariadb: crash when using HAVING with NOT EXIST predicate in an equality
High 7.5
2022-04-14< 10.4.25
mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc
High 7.5
2022-04-12< 10.4.25
mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c
High 7.5
2022-04-12< 10.4.25
mariadb: crash via component Item_subselect::init_expr_cache_tracker
High 7.5
2022-04-12< 10.4.22
mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join
High 7.5
2022-04-12< 10.4.25
mariadb: server crash in create_tmp_table::finalize
High 7.5
2022-03-25< 10.4.26
zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
High 7.5
2022-04-14< 10.4.25
mariadb: use-after-poison in Binary_string::free_buffer
High 7.5
2022-04-14< 10.4.25
mariadb: assertion failure in compare_order_elements
High 7.5
2022-04-14< 10.4.25
mariadb: crash via window function in expression in ORDER BY
High 7.5
2022-04-14< 10.4.25
mariadb: assertion failure in sql/item_cmpfunc.cc
High 7.5
2022-04-14< 10.4.25
mariadb: crash when using HAVING with IS NULL predicate in an equality
High 7.5
2022-04-14< 10.4.25
mariadb: crash in multi-update and implicit grouping
High 7.5
2022-04-12< 10.4.25
mariadb: use-after-poison when complex conversion is involved in blob
High 7.5
2022-04-12< 10.4.25
mariadb: server crash at Field::set_default via specially crafted SQL statements
High 7.5
2022-04-12< 10.4.25
mariadb: assertion failures in decimal_bin_size
High 7.5
2022-04-12< 10.4.25
mariadb: server crash at my_decimal::operator=
High 7.5
2022-04-12< 10.4.25
mariadb: assertion failure in Item_args::walk_arg
High 7.5
2022-04-12< 10.4.25
mariadb: server crash in component arg_comparator::compare_real_fixed
High 7.5
2022-04-14< 10.4.25
mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING
High 7.5
2022-07-01< 10.4.26
mariadb: use-after-poison in prepare_inplace_add_virtual in handler0alter.cc
High 7.5
2022-07-01< 10.4.26
mariadb: segmentation fault via the component sub_select
High 7.5
2022-07-01< 10.4.26
mariadb: server crash in JOIN_CACHE::free or in copy_fields
High 7.5
2022-07-01< 10.4.25
mariadb: server crash in Item_args::walk_args
High 7.5
2022-07-01< 10.4.25
mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort
High 7.5
2022-07-01< 10.4.25
mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT
High 7.5
2022-07-01< 10.4.26
mariadb: server crash in st_select_lex_unit::exclude_level
High 7.5
2022-07-01< 10.4.25
mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor
High 7.5
2022-07-01< 10.4.25
mariadb: server crash at Item_subselect::init_expr_cache_tracker
High 7.5
2023-09-26< 10.4.26
Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6
High 7.5
2022-03-15< 10.4.23
Infinite loop in BN_mod_sqrt() reachable when parsing certificates
High 7.2
2021-03-19< 10.4.18
mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user
High 7.2
2021-04-22< 10.4.9
mysql: Server: Parser unspecified vulnerability (CPU Apr 2021)
High 7.0
2020-12-24< 10.4.16
mariadb: Named pipe permission issue on Windows
Medium 6.5
2019-07-23< 10.4.7
mysql: Server: XML unspecified vulnerability (CPU Jul 2019)
Medium 6.5
2019-07-23< 10.4.7
mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)
Medium 6.5
2019-10-16< 10.4.9
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
Medium 6.5
2020-04-15< 10.4.9
mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
Medium 6.5
2020-10-21< 10.4.16
mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
Medium 6.5
2023-01-20< 10.4.29
mariadb: NULL pointer dereference in spider_db_mbase::print_warnings()
Medium 5.9
2020-01-15< 10.4.12
mysql: C API unspecified vulnerability (CPU Jan 2020)
Medium 5.9
2021-07-20< 10.4.21
mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
Medium 5.5
2019-07-23< 10.4.7
mysql: InnoDB unspecified vulnerability (CPU Jul 2019)
Medium 5.5
2020-04-15< 10.4.13
mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
Medium 5.5
2022-01-29< 10.4.23
mariadb: Crash executing query with VIEW, aggregate and subquery
Medium 5.5
2022-02-01< 10.4.22
mariadb: Integer overflow in sql_lex.cc integer leading to crash
Medium 5.5
2022-01-29< 10.4.20
mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref
Medium 5.5
2022-02-01< 10.4.24
mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)
Medium 5.5
2022-02-01< 10.4.22
mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries
Medium 5.5
2022-02-01< 10.4.20
mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause
Medium 5.5
2022-02-01< 10.4.24
mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations
Medium 5.5
2022-01-29< 10.4.21
mariadb: save_window_function_values triggers an abort during IN subquery
Medium 5.5
2022-02-01< 10.4.24
mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements
Medium 5.5
2021-10-20< 10.4.22
mysql: InnoDB unspecified vulnerability (CPU Oct 2021)
Medium 5.5
2022-02-01< 10.4.24
mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr
Medium 5.5
2022-02-01< 10.4.24
mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements
Medium 5.5
2022-05-25< 10.4.22
mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c
Medium 5.5
2022-08-27< 10.4.26
mariadb: compress_write() fails to release mutex on failure
Medium 5.5
2022-05-25< 10.4.23
mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
Medium 5.5
2022-05-25< 10.4.23
mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
Medium 5.3
2020-04-15< 10.4.13
mysql: C API unspecified vulnerability (CPU Apr 2020)
Medium 5.3
2022-05-25< 10.4.22
mariadb: improper locking due to unreleased lock in the ds_xbstream.cc
Medium 5.1
2019-07-23< 10.4.7
mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019)
Medium 4.9
2025-03-08< 10.4.33
mariadb: Crash in MariaDB Due to Improper Handling of Derived Tables
Medium 4.9
2023-10-17< 10.4.32
mysql: InnoDB unspecified vulnerability (CPU Oct 2023)
Medium 4.9
2019-04-23< 10.4.5
mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019)
Medium 4.9
2019-07-23< 10.4.7
mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
Medium 4.9
2019-04-23< 10.4.5
mysql: InnoDB unspecified vulnerability (CPU Apr 2019)
Medium 4.9
2020-04-15< 10.4.13
mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
Medium 4.9
2020-04-15< 10.4.13
mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
Medium 4.9
2020-10-21< 10.4.16
mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)
Medium 4.9
2020-10-21< 10.4.16
mysql: InnoDB unspecified vulnerability (CPU Oct 2020)
Medium 4.9
2020-10-21< 10.4.16
mysql: Server: Locking unspecified vulnerability (CPU Oct 2020)
Medium 4.9
2021-04-22< 10.4.16
mysql: InnoDB unspecified vulnerability (CPU Apr 2021)
Medium 4.9
2021-04-22< 10.4.19
mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
Medium 4.9
2021-04-22< 10.4.19
mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
Medium 4.9
2022-04-19< 10.4.25
mysql: Server: FTS unspecified vulnerability (CPU Apr 2022)
Medium 4.4
2019-04-23< 10.4.5
mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
Medium 4.4
2019-10-16< 10.4.9
mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
Medium 4.4
2021-01-20< 10.4.14
mysql: InnoDB unspecified vulnerability (CPU Jan 2021)
Medium 4.4
2021-07-20< 10.4.21
mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
Medium 4.4
2022-04-19< 10.4.19
mysql: InnoDB unspecified vulnerability (CPU Apr 2022)
Medium 4.4
2022-10-18< 10.4.23
mysql: C API unspecified vulnerability (CPU Oct 2022)
Low 3.7
2020-04-15< 10.4.7
mysql: C API unspecified vulnerability (CPU Apr 2020)
Low 3.7
2021-01-20< 10.4.7
mysql: C API unspecified vulnerability (CPU Jan 2021)
N/A
0000-00-00< 10.4.25