Jump to Navigation

You are here

MySQL and MariaDB Security

Overview

MySQL Security Products
Useful Security Links
Security Vulnerabilities Fixed in MariaDB
Oracle Critical Patch Update (CPU) Advisory for MySQL
RedHat/CentOS vulnerabilities by CVE name
Ubuntu Security Notice (USN) for MariaDB
Ubuntu Security Notice (USN) for MySQL
Debian Security Advisories
Debian Security Advisories for MySQL
MySQL Exploits
Debian Security Advisories for MariaDB
MariaDB Exploits
MariaDB Security Risk Matrix
Cyber Emergency Response Team (CERT) in Australia and APAC
MariaDB Security | HackerOne

MySQL Security Products

Database Firewall: GreenSQL
MySQL Database Security: McAfee

Useful Security Links

STIG Update: DISA releases the MariaDB Enterprise 10.x Security Technical Implementation Guide
OWASP: Database Security Cheat Sheet
CIS MySQL 4.1/5.0/5.1 Benchmark (v1.0.2)
CIS Oracle MySQL Community Server 5.6 Benchmark (v1.1.0)
CIS Oracle MySQL Community Server 5.7 Benchmark (v1.0.0)
CIS Oracle MySQL Enterprise Edition 5.6 Benchmark (v1.1.0)
CIS Oracle MySQL Enterprise Edition 5.7 Benchmark (v1.0.0)
MySQL Documentation: Security
BSI certified database servers
CVE Details
RHSA-2013:0121-1
RHSA-2012:1462-1
full-disclosure@lists.grok.org.uk
MySQL Security Forum
MySQL SQL Injection Cheat Sheet

Security Vulnerabilities Fixed in MariaDB

Oracle Critical Patch Update (CPU) Advisory for MySQL

Oracle Critical Patch Update Advisory - Overview
Oracle Critical Patch Update Advisory - October 2024 (45 fixes / 9.1 max score), verbose text form
Oracle Critical Patch Update Advisory - July 2024 (37 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - April 2024 (36 fixes / 7.5 max score), verbose text form
Oracle Critical Patch Update Advisory - January 2024 (40 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - October 2023 (37 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - July 2023 (24 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - April 2023 (34 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - January 2023 (37 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - October 2022 (37 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - July 2022 (34 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - April 2022 (43 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - January 2022 (78 fixes / 7.5 max score), verbose text form
Oracle Critical Patch Update Advisory - October 2021 (66 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - July 2021 (41 fixes / 8.8 max score), verbose text form
Oracle Critical Patch Update Advisory - April 2021 (49 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - January 2021 (43 fixes / 7.5 max score), verbose text form
Oracle Critical Patch Update Advisory - October 2020 (53 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - July 2020 (40 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - April 2020 (45 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - January 2020 (19 fixes / 7.5 max score), verbose text form
Oracle Critical Patch Update Advisory - October 2019 (34 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - July 2019 (45 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - April 2019 (45 fixes / 7.5 max score), verbose text form
Oracle Critical Patch Update Advisory - January 2019 (30 fixes / 9.1 max score), verbose text form
Oracle Critical Patch Update Advisory - October 2018 (38 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - July 2018 (31 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - April 2018 (33 fixes / 7.7 max score), verbose text form
Oracle Critical Patch Update Advisory - January 2018 (25 fixes / 8.1 max score), verbose text form
Oracle Critical Patch Update Advisory - October 2017 (25 fixes / 8.8 max score), verbose text form
Oracle Critical Patch Update Advisory - July 2017 (30 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - April 2017 (39 fixes / 10.0 max score), verbose text form
Oracle Critical Patch Update Advisory - January 2017 (27 fixes / 8.8 max score), verbose text form
Oracle Critical Patch Update Advisory - October 2016 (31 fixes / 7.5 max score), verbose text form
Oracle Critical Patch Update Advisory - July 2016 (22 fixes / 8.1 max score), verbose text form
Oracle Critical Patch Update Advisory - April 2016 (31 fixes / 9.8 max score), verbose text form
Oracle Critical Patch Update Advisory - January 2016 (22 fixes / 7.2 max score), verbose text form
Oracle Critical Patch Update Advisory - October 2015 (30 fixes / 9.0 max score), verbose text form
Oracle Critical Patch Update Advisory - July 2015 (18 fixes / 6.5 max score), verbose text form
Oracle Critical Patch Update Advisory - April 2015 (26 fixes / 10.0 max score), verbose text form
Oracle Critical Patch Update Advisory - January 2015 (9 fixes / 7.5 max score), verbose text form
Oracle Critical Patch Update Advisory - October 2014 (24 fixes / 8.0 max score)
Oracle Critical Patch Update Advisory - July 2014 (10 fixes / 6.5 max score)
Oracle Critical Patch Update Advisory - April 2014 (14 fixes / 6.5 max score)
Oracle Critical Patch Update Advisory - January 2014 (18 fixes / 10.0 max score)
Oracle Critical Patch Update Advisory - October 2013 (8 fixes / 8.5 max score)
Oracle Critical Patch Update Advisory - July 2013 (18 fixes / 6.8 max score)
Oracle Critical Patch Update Advisory - April 2013 (25 fixes / 6.8 max score)
Oracle Critical Patch Update Advisory - January 2013 (18 fixes / 9.0 max score)
Oracle Critical Patch Update Advisory - October 2012 (15 fixes / 9.0 max score)
Oracle Critical Patch Update Advisory - July 2012 (6 fixes / 6.8 max score)
Oracle Critical Patch Update Advisory - April 2012 (6 fixes / 6.8 max score)
Oracle Critical Patch Update Advisory - January 2012 (27 fixes / 5.5 max score)

RedHat/CentOS vulnerabilities by CVE name

Red Hat vulnerabilities by CVE name for MySQL

Red Hat vulnerabilities by CVE name for MariaDB

Ubuntu Security Notice (USN) for MariaDB

Search for MariaDB.

USN-4250-2: MariaDB vulnerabilities (2020-02-06)
USN-4195-2: MariaDB vulnerabilities (2019-11-20)
USN-4070-2: MariaDB vulnerabilities (2019-08-12)
USN-3957-3: MariaDB vulnerabilities (2019-06-05)

Ubuntu Security Notice (USN) for MySQL

Search for MySQL.

USN-4441-1: MySQL vulnerabilities (2020-07-28)
USN-4350-1: MySQL vulnerabilities (2020-05-04)
USN-4250-1: MySQL vulnerabilities (2020-01-27)
USN-4195-1: MySQL vulnerabilities (2019-11-18)
USN-4070-1: MySQL vulnerabilities (2019-07-24)
USN-3957-1: MySQL vulnerabilities (2019-04-29)
USN-3867-1: MySQL vulnerabilities (2019-01-23)
USN-3799-1: MySQL vulnerabilities (2018-10-23)
USN-3725-1: MySQL vulnerabilities (2018-07-30)
USN-3629-1: MySQL vulnerabilities (2018-04-23)
USN-3537-1: MySQL vulnerabilities (2018-01-22)
USN-3459-1: MySQL vulnerabilities (2017-10-23)
USN-3357-1: MySQL vulnerabilities (2017-07-20)
USN-3269-1: MySQL vulnerabilities (2017-04-27)
USN-3174-1: MySQL vulnerabilities (2017-01-19)
USN-3109-1: MySQL vulnerabilities (2016-10-25)
USN-3040-1: MySQL vulnerabilities (2016-07-21)
USN-2953-1: MySQL vulnerabilities (2016-04-21)
USN-2881-1: MySQL vulnerabilities (2016-01-16)
USN-2781-1: MySQL vulnerabilities (2015-10-26)
USN-2674-1: MySQL vulnerabilities (2015-07-21)
USN-2575-1: MySQL vulnerabilities (2015-04-21)
USN-2480-1: MySQL vulnerabilities (2015-01-22)
USN-2384-1: MySQL vulnerabilities (2014-10-15)
USN-2291-1: MySQL vulnerabilities (2014-07-17)
USN-2170-1: MySQL vulnerabilities (2014-04-23)
USN-2086-1: MySQL vulnerabilities (2014-01-21)
USN-2006-1: MySQL vulnerabilities (2013-10-24)
USN-1909-1: MySQL vulnerabilities (2013-07-25)
USN-1807-2: MySQL vulnerabilities (2013-04-25)
USN-1703-1: MySQL vulnerabilities (2013-01-22)
USN-1658-1: MySQL vulnerability (2012-12-10)
USN-1621-1: MySQL vulnerabilities (2012-11-05)
USN-1467-1: MySQL vulnerabilities (2012-06-11)
USN-1427-1: MySQL vulnerabilities (2012-04-24)
USN-1397-1: MySQL vulnerabilities (2012-03-12)
USN-1017-1: MySQL vulnerabilities (2010-11-11)
USN-950-1: MySQL vulnerabilities (2010-06-09)
USN-897-1: MySQL vulnerabilities (2010-02-10)
USN-671-1: MySQL vulnerabilities (2008-11-17)
USN-588-2: MySQL regression (2008-04-02)
USN-588-1: MySQL vulnerabilities (2008-03-19)
USN-559-1: MySQL vulnerabilities (2007-12-20)
USN-528-1: MySQL vulnerabilities (2007-10-10)
USN-440-1: MySQL vulnerability (2007-03-22)
USN-353-1: openssl vulnerabilities (2006-09-29)
USN-338-1: MySQL vulnerabilities 2006-09-05
USN-321-1: mysql-dfsg-4.1 vulnerability
USN-306-1: MySQL 4.1 vulnerability
USN-283-1: MySQL vulnerabilities
USN-274-2: MySQL vulnerability
USN-274-1: MySQL vulnerability
USN-180-2: MySQL 4.1 vulnerability
USN-180-1: MySQL vulnerability
USN-96-1: MySQL vulnerabilities
USN-63-1: MySQL client vulnerability
USN-32-1: MySQL vulnerabilities

Debian Security Advisories

Debian Security Advisories for MySQL

MySQL Security Information
DSA-3767-1 mysql-5.5 -- security update (2017-01-19)
DSA-3635-1 for libdbd-mysql-perl (2016-07-29)
DSA-3624-1 for mysql-5.5 (2016-07-21)
DSA-3557-1 for mysql-5.5 (2016-04-26)
DLA-409-1 mysql-5.5 (2016-02-01)
DSA-3459-1 mysql-5.5 (2016-01-28)
DSA-3377-1 mysql-5.5 (2015-10-24)
DSA-3308-1 mysql-5.5 (2015-07-18)
DSA-3229-1 mysql-5.5 (2015-04-19)
DSA-3135-1 mysql-5.5 (2015-01-23)
DSA-3054-1 mysql-5.5 (2014-10-20)
DSA-2985-1 mysql-5.5 (2014-07-22)
DSA-2919-1 mysql-5.5 (2014-05-03)
DSA-2848-1 mysql-5.5 (2014-01-23)
DSA-2818-1 mysql-5.5 (2013-12-16)
DSA-2496-1 mysql-5.1 (2012-06-18)
DSA-2143-1 mysql-dfsg-5.0 (2011-06-14)
DSA-2057-1 mysql-dfsg-5.0 (2010-06-07)

Debian Security Advisories for MariaDB

Cyber Emergency Response Team (CERT) in Australia and APAC

ESB-2017.1242 - [SUSE] mariadb: Multiple vulnerabilities (17/05/2017)
ESB-2017.0368 - [SUSE] mariadb: Multiple vulnerabilities (08/02/2017)
ESB-2017.0361 - [SUSE] mysql: Multiple vulnerabilities (07/02/2017)
ESB-2017.0217 - [RedHat] mysql: Multiple vulnerabilities (25/01/2017)
ESB-2017.0215 - [Win][UNIX/Linux] phpMyAdmin: Multiple vulnerabilities (25/01/2017)
ESB-2017.0184 - [Debian] mariadb-10.0: Multiple vulnerabilities (23/01/2017)
ESB-2017.0170 - [Linux][Ubuntu] mysql-server-5.7: Multiple vulnerabilities (20/01/2017)
ESB-2017.0162 - [Linux][Debian] mysql-5.5: Multiple vulnerabilities (20/01/2017)
ESB-2017.0091 - [Juniper] Juniper Junos Space: Multiple vulnerabilities (12/01/2017)
ESB-2017.0074 - [SUSE] freeradius-server: Unauthorised access - Remote/unauthenticated (11/01/2017)
ESB-2016.3077 - [Linux] IBM Security Guardium: Multiple vulnerabilities (22/12/2016)
ESB-2016.2921 - [Win][UNIX/Linux][Mac] MySQL: Root compromise - Existing account (13/12/2016)
ESB-2016.2894 - [RedHat] rh-mariadb100-mariadb and rh-mariadb101-mariadb: Multiple vulnerabilities (09/12/2016)
ESB-2016.2820 - [SUSE] mariadb: Multiple vulnerabilities (29/11/2016)
ESB-2016.2812 - [Win][UNIX/Linux] phpMyAdmin: Execute arbitrary code/commands - Remote/unauthenticated (28/11/2016)
ESB-2016.2732 - [Debian] akonadi: Denial of service - Unknown/unspecified (16/11/2016)
ESB-2016.2729 - [RedHat] rh-mysql56-mysql: Multiple vulnerabilities (16/11/2016)
ESB-2016.2713 - [SUSE] mysql-5.5: Multiple vulnerabilities (14/11/2016)
ESB-2016.2712 - [Debian] mariadb-10.0: Multiple vulnerabilities (14/11/2016)
ESB-2016.2696 - [SUSE] php5: Multiple vulnerabilities (10/11/2016)
ESB-2016.2660 - [Debian] mysql-5.5: Access confidential data - Existing account (08/11/2016)
ESB-2016.2622 - [RedHat] php: Multiple vulnerabilities (07/11/2016)
ESB-2016.2619 - [RedHat] mariadb: Multiple vulnerabilities (07/11/2016)
ESB-2016.2574 - [SUSE] php7: Multiple vulnerabilities (02/11/2016)
ESB-2016.2558 - [SUSE] php7: Multiple vulnerabilities (01/11/2016)
ESB-2016.2554 - [RedHat] mariadb55-mariadb: Multiple vulnerabilities (01/11/2016)
ESB-2016.2553 - [RedHat] mysql55-mysql: Multiple vulnerabilities (01/11/2016)
ESB-2016.2441 - [RedHat] mariadb-galera: Root compromise - Existing account (19/10/2016)
ESB-2016.2409 - [RedHat] mariadb-galera: Root compromise - Existing account (14/10/2016)
ESB-2016.2355.2 - UPDATE [SUSE] php5: Multiple vulnerabilities (02/11/2016)
ESB-2016.2333 - [SUSE] php53 and php7: Multiple vulnerabilities (06/10/2016)
ESB-2016.2309 - [UNIX/Linux][Debian] libdbd-mysql-perl: Denial of service - Existing account (04/10/2016)
ESB-2016.2282 - [SUSE] php5: Multiple vulnerabilities (29/09/2016)
ESB-2016.2272 - [SUSE] mariadb: Root compromise - Existing account (28/09/2016)
ESB-2016.2219 - [SUSE] mysql: Multiple vulnerabilities (21/09/2016)
ESB-2016.2198 - [SUSE] php53: Multiple vulnerabilities (19/09/2016)
ESB-2016.2163 - [Debian] mysql-5.5: Root compromise - Existing account (15/09/2016)
ESB-2016.2161 - ALERT [Win][UNIX/Linux][Ubuntu] MySQL: Root compromise - Existing account (14/09/2016)
ESB-2016.2035 - [Virtual][RedHat] Red Hat OpenShift Enterprise: Multiple vulnerabilities (25/08/2016)
ESB-2016.2004 - [Appliance][Virtual] F5 BIG-IP: Denial of service - Existing account (19/08/2016)
ESB-2016.2000 - [RedHat] rh-mariadb101-mariadb: Multiple vulnerabilities (19/08/2016)
ESB-2016.1977 - [SUSE] php5: Multiple vulnerabilities (17/08/2016)
ESB-2016.1955 - [RedHat] PHP: Provide misleading information - Remote/unauthenticated (12/08/2016)
ESB-2016.1952 - [RedHat] MariaDB: Multiple vulnerabilities (12/08/2016)
ESB-2016.1951 - [RedHat] rh-mysql56-mysql: Multiple vulnerabilities (12/08/2016)
ESB-2016.1930 - [SUSE] php53: Multiple vulnerabilities (10/08/2016)
ESB-2016.1859 - [UNIX/Linux][Debian] libdbd-mysql-perl: Multiple vulnerabilities (01/08/2016)
ESB-2016.1836 - [Debian] mariadb-10.0: Multiple vulnerabilities (28/07/2016)
ESB-2016.1808 - [RedHat] mariadb55-mariadb: Multiple vulnerabilities (26/07/2016)
ESB-2016.1807 - [RedHat] mysql55-mysql: Multiple vulnerabilities (26/07/2016)
ESB-2016.1805 - [Debian] phpmyadmin: Multiple vulnerabilities (25/07/2016)
ESB-2016.1797 - [Ubuntu] MySQL: Multiple vulnerabilities (22/07/2016)
ESB-2016.1796 - [Debian] mysql-5.5: Multiple vulnerabilities (22/07/2016)
ESB-2016.1769 - [Debian] mysql-connector-java: Modify arbitrary files - Remote/unauthenticated (19/07/2016)
ESB-2016.1655 - [Linux] IBM Security Guardium: Multiple vulnerabilities (04/07/2016)
ESB-2016.1592 - [Win][UNIX/Linux] phpMyAdmin: Multiple vulnerabilities (24/06/2016)
ESB-2016.1572 - [SUSE] php53: Multiple vulnerabilities (22/06/2016)
ESB-2016.1553.2 - UPDATE [SUSE] mariadb: Multiple vulnerabilities (23/06/2016)
ESB-2016.1514 - [SUSE] php53: Multiple vulnerabilities (15/06/2016)
ESB-2016.1407 - [Debian] mariadb-10.0: Multiple vulnerabilities (06/06/2016)
ESB-2016.1367.2 - UPDATE [RedHat] python27: Multiple vulnerabilities (01/06/2016)
ESB-2016.1333 - [RedHat] rh-mariadb100-mariadb: Multiple vulnerabilities (27/05/2016)
ESB-2016.1277 - [Virtual][RedHat] Red Hat OpenShift Enterprise : Multiple vulnerabilities (20/05/2016)
ESB-2016.1188 - [RedHat] Red Hat OpenShift Enterprise 3.2: Multiple vulnerabilities (13/05/2016)
ESB-2016.1163 - [Appliance] F5 products: Modify arbitrary files - Remote/unauthenticated (11/05/2016)
ESB-2016.1056 - [RedHat] rh-mysql56-mysql: Multiple vulnerabilities (03/05/2016)
ESB-2016.1026 - [Win][UNIX/Linux] Wireshark: Denial of service - Remote with user interaction (27/04/2016)
ESB-2016.1024 - [Debian] mysql-5.5: Multiple vulnerabilities (27/04/2016)
ESB-2016.0876 - [Linux] IBM Security Guardium: Multiple vulnerabilities (08/04/2016)
ESB-2016.0838 - [RedHat] mariadb: Multiple vulnerabilities (04/04/2016)
ESB-2016.0755 - [Virtual][RedHat] Red Hat OpenShift Enterprise: Multiple vulnerabilities (23/03/2016)
ESB-2016.0183 - [Debian] mariadb-10.0: Multiple vulnerabilities (27/01/2016)
ESB-2015.3096 - [Win][Linux][Solaris][SUSE] MariaDB: Multiple vulnerabilities (11/12/2015)
ESB-2015.2730 - [Debian] mariadb-10.0: Multiple vulnerabilities (02/11/2015)
ESB-2015.2561 - [Linux][RedHat][Solaris] Openstack 7.0 director: Access privileged data - Remote/unauthenticated (09/10/2015)
ESB-2015.2214 - [RedHat] mariadb: Multiple vulnerabilities (25/08/2015)
ESB-2015.2183 - [RedHat] mariadb55-mariadb: Multiple vulnerabilities (21/08/2015)
ESB-2015.2182 - [RedHat] rh-mariadb100-mariadb: Multiple vulnerabilities (21/08/2015)
ESB-2015.2137 - [RedHat] mysql55-mysql: Multiple vulnerabilities (17/08/2015)
ESB-2015.2136 - [RedHat] rh-mysql56-mysql: Multiple vulnerabilities (17/08/2015)
ESB-2015.0268 - [RedHat] mariadb: Multiple vulnerabilities (04/02/2015)
ESB-2014.2271 - [RedHat] mariadb-galera: Multiple vulnerabilities (03/12/2014)
ESB-2014.2159 - [RedHat] mariadb and mariadb55-mariadb: Multiple vulnerabilities (18/11/2014)
ESB-2014.2158 - [RedHat] mysql55-mysql: Multiple vulnerabilities (18/11/2014)
ESB-2014.0938 - [RedHat] mariadb: Multiple vulnerabilities (11/06/2014)
ESB-2014.0785 - [RedHat] mariadb55-mariadb: Multiple vulnerabilities (21/05/2014)
ESB-2014.0211 - [Win][Linux][RedHat][Solaris] mariadb55-mariadb: Multiple vulnerabilities (20/02/2014)
ASB-2017.0005 - [Win][UNIX/Linux] Oracle Products: Multiple vulnerabilities (18/01/2017)
ASB-2016.0110 - [Linux][Appliance][Virtual] Tenable SecurityCenter: Execute arbitrary code/commands - Remote/unauthenticated (29/11/2016)
ASB-2016.0095 - [Win][UNIX/Linux] Oracle Products: Multiple vulnerabilities (19/10/2016)
ASB-2016.0074 - [Win][UNIX/Linux] Oracle Products: Multiple vulnerabilities (20/07/2016)
ASB-2016.0043 - [Win][UNIX/Linux] Oracle Products: Multiple vulnerabilities (20/04/2016)
ASB-2016.0017 - [Appliance][Virtual][Debian] AlienVault OSSIM and USM: Multiple vulnerabilities
Multiple vulnerabilities have been identified in AlienVault OSSIM and USM. (29/02/2016)
ASB-2012.0084 - ALERT [Win][UNIX/Linux] MySQL: Unauthorised access - Remote/unauthenticated
Certain builds of MySQL are vulnerable to brute force attack using invalid passwords (12/06/2012)

tags: