Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mariadb vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-32879
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has...
NA
CVE-2023-5456
A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated malicious user to access the database service and all included data with the same privileges of the web application. This issue affec...
NA
CVE-2024-27295
Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows malicious users to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim ...
NA
CVE-2024-24812
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS...
Frappe Frappe
NA
CVE-2023-52082
Lychee is a free photo-management tool. before 5.0.2, Lychee is vulnerable to an SQL injection on any binding when using mysql/mariadb. This injection is only active for users with the `.env` settings set to DB_LOG_SQL=true and DB_LOG_SQL_EXPLAIN=true. The defaults settings of Ly...
Lycheeorg Lychee
NA
CVE-2023-46127
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been pa...
Frappe Frappe
NA
CVE-2023-5157
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
Mariadb Mariadb
Fedoraproject Fedora 38
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Tus 8.6
Redhat Enterprise Linux Eus 8.6
Redhat Enterprise Linux 9.0
Redhat Enterprise Linux Eus 9.0
Redhat Enterprise Linux Server Tus 8.8
Redhat Enterprise Linux Eus 8.8
Redhat Enterprise Linux Server Aus 9.2
Redhat Enterprise Linux Eus 9.2
Redhat Enterprise Linux For Power Little Endian Eus 9.2 Ppc64le
Redhat Enterprise Linux For Arm 64 9.0 Aarch64
Redhat Enterprise Linux For Power Little Endian 8.0 Ppc64le
Redhat Enterprise Linux For Power Little Endian Eus 8.8 Ppc64le
Redhat Enterprise Linux For Ibm Z Systems Eus 8.8 S390x
Redhat Enterprise Linux For Ibm Z Systems 8.0 S390x
Redhat Enterprise Linux For Arm 64 Eus 8.8 Aarch64
Redhat Enterprise Linux For Arm 64 8.0 Aarch64
NA
CVE-2023-40354
An issue exists in MariaDB MaxScale prior to 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are ...
Mariadb Maxscale
NA
CVE-2023-26567
Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. F...
Sangoma Freepbx Linux 7 1805
Sangoma Freepbx Linux 7 1904
Sangoma Freepbx Linux 7 1910
Sangoma Freepbx Linux 7 2002
Sangoma Freepbx Linux 7 2008
Sangoma Freepbx Linux 7 2011
Sangoma Freepbx Linux 7 2104
Sangoma Freepbx Linux 7 2105
Sangoma Freepbx Linux 7 2109
Sangoma Freepbx Linux 7 2112
Sangoma Freepbx Linux 7 2201
Sangoma Freepbx Linux 7 2202
Sangoma Freepbx Linux 7 2203
Sangoma Freepbx Linux 7 2302
NA
CVE-2022-47015
MariaDB Server prior to 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
Mariadb Mariadb
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »