CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2023-5157 – Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6
https://notcve.org/view.php?id=CVE-2023-5157
26 Sep 2023 — A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. Se encontró una vulnerabilidad en MariaDB. Un escaneo de puertos OpenVAS en los puertos 3306 y 4567 permite que un cliente remoto malicioso provoque una denegación de servicio. An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Servi... • https://access.redhat.com/errata/RHSA-2023:5683 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-47015 – mariadb: NULL pointer dereference in spider_db_mbase::print_warnings()
https://notcve.org/view.php?id=CVE-2022-47015
20 Jan 2023 — MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. MariaDB Server anterior a 10.3.34 hasta 10.9.3 es vulnerable a la denegación de servicio. Es posible que la función spider_db_mbase::print_warnings elimine la referencia a un puntero null. Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. • https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954 • CWE-476: NULL Pointer Dereference •
CVSS: 4.6EPSS: 0%CPEs: 10EXPL: 0CVE-2022-21595 – mysql: C API unspecified vulnerability (CPU Oct 2022)
https://notcve.org/view.php?id=CVE-2022-21595
18 Oct 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). • https://security.netapp.com/advisory/ntap-20221028-0013 •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-38791 – mariadb: compress_write() fails to release mutex on failure
https://notcve.org/view.php?id=CVE-2022-38791
27 Aug 2022 — In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. En MariaDB versiones anteriores a 10.9.2, la función compress_write en el archivo extra/mariabackup/ds_compress.cc no libera data_mutex tras un fallo de escritura en el flujo, lo que permite a usuarios locales desencadenar un bloqueo. Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitr... • https://jira.mariadb.org/browse/MDEV-28719 • CWE-667: Improper Locking •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-32088 – mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort
https://notcve.org/view.php?id=CVE-2022-32088
01 Jul 2022 — MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. Se ha detectado que MariaDB versiones v10.2 a v10.7, contiene un fallo de segmentación por el componente Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after... • https://jira.mariadb.org/browse/MDEV-26419 • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-32087 – mariadb: server crash in Item_args::walk_args
https://notcve.org/view.php?id=CVE-2022-32087
01 Jul 2022 — MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. Se ha detectado que MariaDB versiones v10.2 a v10.7, contiene un fallo de segmentación por medio del componente Item_args::walk_args Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.37 in Ubuntu 20.04 LTS and to 10.6.11 in Ubuntu 22.04 LTS and Ubuntu 22.10. In addition to security fixes, th... • https://jira.mariadb.org/browse/MDEV-26437 • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-32086 – mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT
https://notcve.org/view.php?id=CVE-2022-32086
01 Jul 2022 — MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. Se ha detectado que MariaDB versiones v10.4 a v10.8, contiene un fallo de segmentación por medio del componente Item_field::fix_outer_field MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities. • https://jira.mariadb.org/browse/MDEV-26412 • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-32085 – mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor
https://notcve.org/view.php?id=CVE-2022-32085
01 Jul 2022 — MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. Se ha detectado que MariaDB versiones v10.2 a v10.7, contiene un fallo de segmentación por medio del componente Item_func_in::cleanup/Item::cleanup_processor MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities. • https://jira.mariadb.org/browse/MDEV-26407 • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-32083 – mariadb: server crash at Item_subselect::init_expr_cache_tracker
https://notcve.org/view.php?id=CVE-2022-32083
01 Jul 2022 — MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. Se ha detectado que MariaDB versiones v10.2 a v10.6.1 contiene un fallo de segmentación por medio del componente Item_subselect::init_expr_cache_tracker Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.37 in Ubuntu 20.04 LTS and to 10.6.11 in Ubuntu 22.04 LTS and Ubuntu... • https://jira.mariadb.org/browse/MDEV-26047 • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-32081 – mariadb: use-after-poison in prepare_inplace_add_virtual in handler0alter.cc
https://notcve.org/view.php?id=CVE-2022-32081
01 Jul 2022 — MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. Se ha detectado que MariaDB versiones v10.4 a v10.7, contiene un error de uso en prepare_inplace_add_virtual en /storage/innobase/handler/handler0alter.cc Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected. • https://jira.mariadb.org/browse/MDEV-26420 • CWE-229: Improper Handling of Values CWE-416: Use After Free •