MariaDB

3 CVEs product

CVE-2026-3494 MEDIUM This Month

MariaDB Server through version 11.8.5 fails to audit SQL statements when the server audit plugin is enabled and queries are prefixed with SQL comments (-- or #), allowing authenticated database users to execute DDL, DML, or DCL commands without logging. This bypass affects Relational Database Service, Aurora MySQL, and MariaDB deployments relying on audit logging for compliance and security monitoring. An attacker with database credentials could perform unauthorized administrative or data manipulation operations while evading audit trails.

Information Disclosure Relational Database Service Aurora Mysql Mariadb
NVD GitHub
CVSS 3.1: 4.3
EPSS: 0.0%

CVE-2021-47761 HIGH POC This Week

MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace mysqld.exe with a malicious executable, which will execute with system privileges when the computer restarts. [CVSS 7.8 HIGH]

MySQL Mariadb Privilege Escalation
NVD Exploit-DB
CVSS 3.1: 7.8
EPSS: 0.0%

CVE-2026-22027 MEDIUM POC PATCH This Month

Heap buffer overflow in CryptoLib versions prior to 1.4.3 allows a high-privileged local attacker to corrupt adjacent memory by supplying oversized hex strings in MariaDB SA fields without capacity validation. Public exploit code exists for this vulnerability affecting spacecraft communication security implementations. The flaw enables denial of service and potential code execution through heap memory manipulation.

Mariadb Cryptolib
NVD GitHub
CVSS 3.1: 6.0
EPSS: 0.0%
