MySQL and MariaDB Security
Overview
- MySQL Security Products
- Useful Security Links
- Security Vulnerabilities Fixed in MariaDB
- Oracle Critical Patch Update (CPU) Advisory for MySQL
- RedHat/CentOS vulnerabilities by CVE name
- Ubuntu Security Notice (USN) for MariaDB
- Ubuntu Security Notice (USN) for MySQL
- Debian Security Advisories
- Debian Security Advisories for MySQL
- MySQL Exploits
- Debian Security Advisories for MariaDB
- MariaDB Exploits
- MariaDB Security Risk Matrix
- Cyber Emergency Response Team (CERT) in Australia and APAC
- MariaDB Security | HackerOne
MySQL Security Products
Useful Security Links
- STIG Update: DISA releases the MariaDB Enterprise 10.x Security Technical Implementation Guide
- OWASP: Database Security Cheat Sheet
- CIS MySQL 4.1/5.0/5.1 Benchmark (v1.0.2)
- CIS Oracle MySQL Community Server 5.6 Benchmark (v1.1.0)
- CIS Oracle MySQL Community Server 5.7 Benchmark (v1.0.0)
- CIS Oracle MySQL Enterprise Edition 5.6 Benchmark (v1.1.0)
- CIS Oracle MySQL Enterprise Edition 5.7 Benchmark (v1.0.0)
- MySQL Documentation: Security
- BSI certified database servers
- CVE Details
- RHSA-2013:0121-1
- RHSA-2012:1462-1
- full-disclosure@lists.grok.org.uk
- MySQL Security Forum
- MySQL SQL Injection Cheat Sheet
Security Vulnerabilities Fixed in MariaDB
Oracle Critical Patch Update (CPU) Advisory for MySQL
- Oracle Critical Patch Update Advisory - Overview
- Oracle Critical Patch Update Advisory - October 2024 (45 fixes / 9.1 max score), verbose text form
- Oracle Critical Patch Update Advisory - July 2024 (37 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - April 2024 (36 fixes / 7.5 max score), verbose text form
- Oracle Critical Patch Update Advisory - January 2024 (40 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - October 2023 (37 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - July 2023 (24 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - April 2023 (34 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - January 2023 (37 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - October 2022 (37 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - July 2022 (34 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - April 2022 (43 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - January 2022 (78 fixes / 7.5 max score), verbose text form
- Oracle Critical Patch Update Advisory - October 2021 (66 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - July 2021 (41 fixes / 8.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - April 2021 (49 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - January 2021 (43 fixes / 7.5 max score), verbose text form
- Oracle Critical Patch Update Advisory - October 2020 (53 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - July 2020 (40 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - April 2020 (45 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - January 2020 (19 fixes / 7.5 max score), verbose text form
- Oracle Critical Patch Update Advisory - October 2019 (34 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - July 2019 (45 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - April 2019 (45 fixes / 7.5 max score), verbose text form
- Oracle Critical Patch Update Advisory - January 2019 (30 fixes / 9.1 max score), verbose text form
- Oracle Critical Patch Update Advisory - October 2018 (38 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - July 2018 (31 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - April 2018 (33 fixes / 7.7 max score), verbose text form
- Oracle Critical Patch Update Advisory - January 2018 (25 fixes / 8.1 max score), verbose text form
- Oracle Critical Patch Update Advisory - October 2017 (25 fixes / 8.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - July 2017 (30 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - April 2017 (39 fixes / 10.0 max score), verbose text form
- Oracle Critical Patch Update Advisory - January 2017 (27 fixes / 8.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - October 2016 (31 fixes / 7.5 max score), verbose text form
- Oracle Critical Patch Update Advisory - July 2016 (22 fixes / 8.1 max score), verbose text form
- Oracle Critical Patch Update Advisory - April 2016 (31 fixes / 9.8 max score), verbose text form
- Oracle Critical Patch Update Advisory - January 2016 (22 fixes / 7.2 max score), verbose text form
- Oracle Critical Patch Update Advisory - October 2015 (30 fixes / 9.0 max score), verbose text form
- Oracle Critical Patch Update Advisory - July 2015 (18 fixes / 6.5 max score), verbose text form
- Oracle Critical Patch Update Advisory - April 2015 (26 fixes / 10.0 max score), verbose text form
- Oracle Critical Patch Update Advisory - January 2015 (9 fixes / 7.5 max score), verbose text form
- Oracle Critical Patch Update Advisory - October 2014 (24 fixes / 8.0 max score)
- Oracle Critical Patch Update Advisory - July 2014 (10 fixes / 6.5 max score)
- Oracle Critical Patch Update Advisory - April 2014 (14 fixes / 6.5 max score)
- Oracle Critical Patch Update Advisory - January 2014 (18 fixes / 10.0 max score)
- Oracle Critical Patch Update Advisory - October 2013 (8 fixes / 8.5 max score)
- Oracle Critical Patch Update Advisory - July 2013 (18 fixes / 6.8 max score)
- Oracle Critical Patch Update Advisory - April 2013 (25 fixes / 6.8 max score)
- Oracle Critical Patch Update Advisory - January 2013 (18 fixes / 9.0 max score)
- Oracle Critical Patch Update Advisory - October 2012 (15 fixes / 9.0 max score)
- Oracle Critical Patch Update Advisory - July 2012 (6 fixes / 6.8 max score)
- Oracle Critical Patch Update Advisory - April 2012 (6 fixes / 6.8 max score)
- Oracle Critical Patch Update Advisory - January 2012 (27 fixes / 5.5 max score)
RedHat/CentOS vulnerabilities by CVE name
Red Hat vulnerabilities by CVE name for MySQL
Red Hat vulnerabilities by CVE name for MariaDB
Ubuntu Security Notice (USN) for MariaDB
Search for MariaDB.
- USN-4250-2: MariaDB vulnerabilities (2020-02-06)
- USN-4195-2: MariaDB vulnerabilities (2019-11-20)
- USN-4070-2: MariaDB vulnerabilities (2019-08-12)
- USN-3957-3: MariaDB vulnerabilities (2019-06-05)
Ubuntu Security Notice (USN) for MySQL
Search for MySQL.
- USN-4441-1: MySQL vulnerabilities (2020-07-28)
- USN-4350-1: MySQL vulnerabilities (2020-05-04)
- USN-4250-1: MySQL vulnerabilities (2020-01-27)
- USN-4195-1: MySQL vulnerabilities (2019-11-18)
- USN-4070-1: MySQL vulnerabilities (2019-07-24)
- USN-3957-1: MySQL vulnerabilities (2019-04-29)
- USN-3867-1: MySQL vulnerabilities (2019-01-23)
- USN-3799-1: MySQL vulnerabilities (2018-10-23)
- USN-3725-1: MySQL vulnerabilities (2018-07-30)
- USN-3629-1: MySQL vulnerabilities (2018-04-23)
- USN-3537-1: MySQL vulnerabilities (2018-01-22)
- USN-3459-1: MySQL vulnerabilities (2017-10-23)
- USN-3357-1: MySQL vulnerabilities (2017-07-20)
- USN-3269-1: MySQL vulnerabilities (2017-04-27)
- USN-3174-1: MySQL vulnerabilities (2017-01-19)
- USN-3109-1: MySQL vulnerabilities (2016-10-25)
- USN-3040-1: MySQL vulnerabilities (2016-07-21)
- USN-2953-1: MySQL vulnerabilities (2016-04-21)
- USN-2881-1: MySQL vulnerabilities (2016-01-16)
- USN-2781-1: MySQL vulnerabilities (2015-10-26)
- USN-2674-1: MySQL vulnerabilities (2015-07-21)
- USN-2575-1: MySQL vulnerabilities (2015-04-21)
- USN-2480-1: MySQL vulnerabilities (2015-01-22)
- USN-2384-1: MySQL vulnerabilities (2014-10-15)
- USN-2291-1: MySQL vulnerabilities (2014-07-17)
- USN-2170-1: MySQL vulnerabilities (2014-04-23)
- USN-2086-1: MySQL vulnerabilities (2014-01-21)
- USN-2006-1: MySQL vulnerabilities (2013-10-24)
- USN-1909-1: MySQL vulnerabilities (2013-07-25)
- USN-1807-2: MySQL vulnerabilities (2013-04-25)
- USN-1703-1: MySQL vulnerabilities (2013-01-22)
- USN-1658-1: MySQL vulnerability (2012-12-10)
- USN-1621-1: MySQL vulnerabilities (2012-11-05)
- USN-1467-1: MySQL vulnerabilities (2012-06-11)
- USN-1427-1: MySQL vulnerabilities (2012-04-24)
- USN-1397-1: MySQL vulnerabilities (2012-03-12)
- USN-1017-1: MySQL vulnerabilities (2010-11-11)
- USN-950-1: MySQL vulnerabilities (2010-06-09)
- USN-897-1: MySQL vulnerabilities (2010-02-10)
- USN-671-1: MySQL vulnerabilities (2008-11-17)
- USN-588-2: MySQL regression (2008-04-02)
- USN-588-1: MySQL vulnerabilities (2008-03-19)
- USN-559-1: MySQL vulnerabilities (2007-12-20)
- USN-528-1: MySQL vulnerabilities (2007-10-10)
- USN-440-1: MySQL vulnerability (2007-03-22)
- USN-353-1: openssl vulnerabilities (2006-09-29)
- USN-338-1: MySQL vulnerabilities (2006-09-05)
- USN-321-1: mysql-dfsg-4.1 vulnerability
- USN-306-1: MySQL 4.1 vulnerability
- USN-283-1: MySQL vulnerabilities
- USN-274-2: MySQL vulnerability
- USN-274-1: MySQL vulnerability
- USN-180-2: MySQL 4.1 vulnerability
- USN-180-1: MySQL vulnerability
- USN-96-1: MySQL vulnerabilities
- USN-63-1: MySQL client vulnerability
- USN-32-1: MySQL vulnerabilities
Debian Security Advisories
- Security Advisories from 2016
- Security Advisories from 2015
- Security Advisories from 2014
- Security Advisories from 2013
- Security Advisories from 2012
Debian Security Advisories for MySQL
- MySQL Security Information
- DSA-3767-1 mysql-5.5 -- security update (2017-01-19)
- DSA-3635-1 for libdbd-mysql-perl (2016-07-29)
- DSA-3624-1 for mysql-5.5 (2016-07-21)
- DSA-3557-1 for mysql-5.5 (2016-04-26)
- DLA-409-1 mysql-5.5 (2016-02-01)
- DSA-3459-1 mysql-5.5 (2016-01-28)
- DSA-3377-1 mysql-5.5 (2015-10-24)
- DSA-3308-1 mysql-5.5 (2015-07-18)
- DSA-3229-1 mysql-5.5 (2015-04-19)
- DSA-3135-1 mysql-5.5 (2015-01-23)
- DSA-3054-1 mysql-5.5 (2014-10-20)
- DSA-2985-1 mysql-5.5 (2014-07-22)
- DSA-2919-1 mysql-5.5 (2014-05-03)
- DSA-2848-1 mysql-5.5 (2014-01-23)
- DSA-2818-1 mysql-5.5 (2013-12-16)
- DSA-2496-1 mysql-5.1 (2012-06-18)
- DSA-2143-1 mysql-dfsg-5.0 (2011-06-14)
- DSA-2057-1 mysql-dfsg-5.0 (2010-06-07)
Debian Security Advisories for MariaDB
- MariaDB Security Information
- DSA-3632-1 mariadb-10.0 (2016-07-27)
- DSA-3453-1 mariadb-10.0 (2016-01-25)
- DSA-3385-1 mariadb-10.0 (2015-10-31)
- DSA-3311-1 mariadb-10.0 (2015-07-20)
Cyber Emergency Response Team (CERT) in Australia and APAC
- ESB-2017.1242 - [SUSE] mariadb: Multiple vulnerabilities (17/05/2017)
- ESB-2017.0368 - [SUSE] mariadb: Multiple vulnerabilities (08/02/2017)
- ESB-2017.0361 - [SUSE] mysql: Multiple vulnerabilities (07/02/2017)
- ESB-2017.0217 - [RedHat] mysql: Multiple vulnerabilities (25/01/2017)
- ESB-2017.0215 - [Win][UNIX/Linux] phpMyAdmin: Multiple vulnerabilities (25/01/2017)
- ESB-2017.0184 - [Debian] mariadb-10.0: Multiple vulnerabilities (23/01/2017)
- ESB-2017.0170 - [Linux][Ubuntu] mysql-server-5.7: Multiple vulnerabilities (20/01/2017)
- ESB-2017.0162 - [Linux][Debian] mysql-5.5: Multiple vulnerabilities (20/01/2017)
- ESB-2017.0091 - [Juniper] Juniper Junos Space: Multiple vulnerabilities (12/01/2017)
- ESB-2017.0074 - [SUSE] freeradius-server: Unauthorised access - Remote/unauthenticated (11/01/2017)
- ESB-2016.3077 - [Linux] IBM Security Guardium: Multiple vulnerabilities (22/12/2016)
- ESB-2016.2921 - [Win][UNIX/Linux][Mac] MySQL: Root compromise - Existing account (13/12/2016)
- ESB-2016.2894 - [RedHat] rh-mariadb100-mariadb and rh-mariadb101-mariadb: Multiple vulnerabilities (09/12/2016)
- ESB-2016.2820 - [SUSE] mariadb: Multiple vulnerabilities (29/11/2016)
- ESB-2016.2812 - [Win][UNIX/Linux] phpMyAdmin: Execute arbitrary code/commands - Remote/unauthenticated (28/11/2016)
- ESB-2016.2732 - [Debian] akonadi: Denial of service - Unknown/unspecified (16/11/2016)
- ESB-2016.2729 - [RedHat] rh-mysql56-mysql: Multiple vulnerabilities (16/11/2016)
- ESB-2016.2713 - [SUSE] mysql-5.5: Multiple vulnerabilities (14/11/2016)
- ESB-2016.2712 - [Debian] mariadb-10.0: Multiple vulnerabilities (14/11/2016)
- ESB-2016.2696 - [SUSE] php5: Multiple vulnerabilities (10/11/2016)
- ESB-2016.2660 - [Debian] mysql-5.5: Access confidential data - Existing account (08/11/2016)
- ESB-2016.2622 - [RedHat] php: Multiple vulnerabilities (07/11/2016)
- ESB-2016.2619 - [RedHat] mariadb: Multiple vulnerabilities (07/11/2016)
- ESB-2016.2574 - [SUSE] php7: Multiple vulnerabilities (02/11/2016)
- ESB-2016.2558 - [SUSE] php7: Multiple vulnerabilities (01/11/2016)
- ESB-2016.2554 - [RedHat] mariadb55-mariadb: Multiple vulnerabilities (01/11/2016)
- ESB-2016.2553 - [RedHat] mysql55-mysql: Multiple vulnerabilities (01/11/2016)
- ESB-2016.2441 - [RedHat] mariadb-galera: Root compromise - Existing account (19/10/2016)
- ESB-2016.2409 - [RedHat] mariadb-galera: Root compromise - Existing account (14/10/2016)
- ESB-2016.2355.2 - UPDATE [SUSE] php5: Multiple vulnerabilities (02/11/2016)
- ESB-2016.2333 - [SUSE] php53 and php7: Multiple vulnerabilities (06/10/2016)
- ESB-2016.2309 - [UNIX/Linux][Debian] libdbd-mysql-perl: Denial of service - Existing account (04/10/2016)
- ESB-2016.2282 - [SUSE] php5: Multiple vulnerabilities (29/09/2016)
- ESB-2016.2272 - [SUSE] mariadb: Root compromise - Existing account (28/09/2016)
- ESB-2016.2219 - [SUSE] mysql: Multiple vulnerabilities (21/09/2016)
- ESB-2016.2198 - [SUSE] php53: Multiple vulnerabilities (19/09/2016)
- ESB-2016.2163 - [Debian] mysql-5.5: Root compromise - Existing account (15/09/2016)
- ESB-2016.2161 - ALERT [Win][UNIX/Linux][Ubuntu] MySQL: Root compromise - Existing account (14/09/2016)
- ESB-2016.2035 - [Virtual][RedHat] Red Hat OpenShift Enterprise: Multiple vulnerabilities (25/08/2016)
- ESB-2016.2004 - [Appliance][Virtual] F5 BIG-IP: Denial of service - Existing account (19/08/2016)
- ESB-2016.2000 - [RedHat] rh-mariadb101-mariadb: Multiple vulnerabilities (19/08/2016)
- ESB-2016.1977 - [SUSE] php5: Multiple vulnerabilities (17/08/2016)
- ESB-2016.1955 - [RedHat] PHP: Provide misleading information - Remote/unauthenticated (12/08/2016)
- ESB-2016.1952 - [RedHat] MariaDB: Multiple vulnerabilities (12/08/2016)
- ESB-2016.1951 - [RedHat] rh-mysql56-mysql: Multiple vulnerabilities (12/08/2016)
- ESB-2016.1930 - [SUSE] php53: Multiple vulnerabilities (10/08/2016)
- ESB-2016.1859 - [UNIX/Linux][Debian] libdbd-mysql-perl: Multiple vulnerabilities (01/08/2016)
- ESB-2016.1836 - [Debian] mariadb-10.0: Multiple vulnerabilities (28/07/2016)
- ESB-2016.1808 - [RedHat] mariadb55-mariadb: Multiple vulnerabilities (26/07/2016)
- ESB-2016.1807 - [RedHat] mysql55-mysql: Multiple vulnerabilities (26/07/2016)
- ESB-2016.1805 - [Debian] phpmyadmin: Multiple vulnerabilities (25/07/2016)
- ESB-2016.1797 - [Ubuntu] MySQL: Multiple vulnerabilities (22/07/2016)
- ESB-2016.1796 - [Debian] mysql-5.5: Multiple vulnerabilities (22/07/2016)
- ESB-2016.1769 - [Debian] mysql-connector-java: Modify arbitrary files - Remote/unauthenticated (19/07/2016)
- ESB-2016.1655 - [Linux] IBM Security Guardium: Multiple vulnerabilities (04/07/2016)
- ESB-2016.1592 - [Win][UNIX/Linux] phpMyAdmin: Multiple vulnerabilities (24/06/2016)
- ESB-2016.1572 - [SUSE] php53: Multiple vulnerabilities (22/06/2016)
- ESB-2016.1553.2 - UPDATE [SUSE] mariadb: Multiple vulnerabilities (23/06/2016)
- ESB-2016.1514 - [SUSE] php53: Multiple vulnerabilities (15/06/2016)
- ESB-2016.1407 - [Debian] mariadb-10.0: Multiple vulnerabilities (06/06/2016)
- ESB-2016.1367.2 - UPDATE [RedHat] python27: Multiple vulnerabilities (01/06/2016)
- ESB-2016.1333 - [RedHat] rh-mariadb100-mariadb: Multiple vulnerabilities (27/05/2016)
- ESB-2016.1277 - [Virtual][RedHat] Red Hat OpenShift Enterprise: Multiple vulnerabilities (20/05/2016)
- ESB-2016.1188 - [RedHat] Red Hat OpenShift Enterprise 3.2: Multiple vulnerabilities (13/05/2016)
- ESB-2016.1163 - [Appliance] F5 products: Modify arbitrary files - Remote/unauthenticated (11/05/2016)
- ESB-2016.1056 - [RedHat] rh-mysql56-mysql: Multiple vulnerabilities (03/05/2016)
- ESB-2016.1026 - [Win][UNIX/Linux] Wireshark: Denial of service - Remote with user interaction (27/04/2016)
- ESB-2016.1024 - [Debian] mysql-5.5: Multiple vulnerabilities (27/04/2016)
- ESB-2016.0876 - [Linux] IBM Security Guardium: Multiple vulnerabilities (08/04/2016)
- ESB-2016.0838 - [RedHat] mariadb: Multiple vulnerabilities (04/04/2016)
- ESB-2016.0755 - [Virtual][RedHat] Red Hat OpenShift Enterprise: Multiple vulnerabilities (23/03/2016)
- ESB-2016.0183 - [Debian] mariadb-10.0: Multiple vulnerabilities (27/01/2016)
- ESB-2015.3096 - [Win][Linux][Solaris][SUSE] MariaDB: Multiple vulnerabilities (11/12/2015)
- ESB-2015.2730 - [Debian] mariadb-10.0: Multiple vulnerabilities (02/11/2015)
- ESB-2015.2561 - [Linux][RedHat][Solaris] Openstack 7.0 director: Access privileged data - Remote/unauthenticated (09/10/2015)
- ESB-2015.2214 - [RedHat] mariadb: Multiple vulnerabilities (25/08/2015)
- ESB-2015.2183 - [RedHat] mariadb55-mariadb: Multiple vulnerabilities (21/08/2015)
- ESB-2015.2182 - [RedHat] rh-mariadb100-mariadb: Multiple vulnerabilities (21/08/2015)
- ESB-2015.2137 - [RedHat] mysql55-mysql: Multiple vulnerabilities (17/08/2015)
- ESB-2015.2136 - [RedHat] rh-mysql56-mysql: Multiple vulnerabilities (17/08/2015)
- ESB-2015.0268 - [RedHat] mariadb: Multiple vulnerabilities (04/02/2015)
- ESB-2014.2271 - [RedHat] mariadb-galera: Multiple vulnerabilities (03/12/2014)
- ESB-2014.2159 - [RedHat] mariadb and mariadb55-mariadb: Multiple vulnerabilities (18/11/2014)
- ESB-2014.2158 - [RedHat] mysql55-mysql: Multiple vulnerabilities (18/11/2014)
- ESB-2014.0938 - [RedHat] mariadb: Multiple vulnerabilities (11/06/2014)
- ESB-2014.0785 - [RedHat] mariadb55-mariadb: Multiple vulnerabilities (21/05/2014)
- ESB-2014.0211 - [Win][Linux][RedHat][Solaris] mariadb55-mariadb: Multiple vulnerabilities (20/02/2014)
- ASB-2017.0005 - [Win][UNIX/Linux] Oracle Products: Multiple vulnerabilities (18/01/2017)
- ASB-2016.0110 - [Linux][Appliance][Virtual] Tenable SecurityCenter: Execute arbitrary code/commands - Remote/unauthenticated (29/11/2016)
- ASB-2016.0095 - [Win][UNIX/Linux] Oracle Products: Multiple vulnerabilities (19/10/2016)
- ASB-2016.0074 - [Win][UNIX/Linux] Oracle Products: Multiple vulnerabilities (20/07/2016)
- ASB-2016.0043 - [Win][UNIX/Linux] Oracle Products: Multiple vulnerabilities (20/04/2016)
- ASB-2016.0017 - [Appliance][Virtual][Debian] AlienVault OSSIM and USM: Multiple vulnerabilities (29/02/2016)
  Multiple vulnerabilities have been identified in AlienVault OSSIM and USM.
- ASB-2012.0084 - ALERT [Win][UNIX/Linux] MySQL: Unauthorised access - Remote/unauthenticated (12/06/2012)
  Certain builds of MySQL are vulnerable to brute force attack using invalid passwords.