CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2023-5157 – Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6
https://notcve.org/view.php?id=CVE-2023-5157
26 Sep 2023 — A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. Se encontró una vulnerabilidad en MariaDB. Un escaneo de puertos OpenVAS en los puertos 3306 y 4567 permite que un cliente remoto malicioso provoque una denegación de servicio. An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Servi... • https://access.redhat.com/errata/RHSA-2023:5683 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31624 – mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c
https://notcve.org/view.php?id=CVE-2022-31624
25 May 2022 — MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación de servicio. Mientras es ejecutado el método log_statement_ex del archivo plugin/server_audit/server_audit.c, el bloqueo mantenido lock_bigbuffer no es liberado ... • https://github.com/MariaDB/server/commit/d627d00b13ab2f2c0954ea7b77202470cb102944 • CWE-404: Improper Resource Shutdown or Release CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31623 – mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
https://notcve.org/view.php?id=CVE-2022-31623
25 May 2022 — MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. MariaDB Server versiones anteriores a 10.7, es vulnerable a una deneg... • https://github.com/MariaDB/server/commit/7c30bc38a588b22b01f11130cfe99e7f36accf94 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31621 – mariadb: improper locking due to unreleased lock in the ds_xbstream.cc
https://notcve.org/view.php?id=CVE-2022-31621
25 May 2022 — MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación de servicio. En ... • https://github.com/MariaDB/server/commit/b1351c15946349f9daa7e5297fb2ac6f3139e4a8 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31622 – mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
https://notcve.org/view.php?id=CVE-2022-31622
25 May 2022 — MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación ... • https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2 • CWE-404: Improper Resource Shutdown or Release CWE-667: Improper Locking •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-27449 – mariadb: assertion failure in sql/item_func.cc
https://notcve.org/view.php?id=CVE-2022-27449
14 Apr 2022 — MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. Se ha detectado que MariaDB Server versiones v10.9 y anteriores, contienen un fallo de segmentación por medio del componente sql/item_func.cc:148 A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/item_func.cc:148, affecting availability. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-com... • https://jira.mariadb.org/browse/MDEV-28089 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-27385 – mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join
https://notcve.org/view.php?id=CVE-2022-27385
12 Apr 2022 — An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Se ha detectado un problema en el componente Used_tables_and_const_cache::used_tables_and_const_cache_join de MariaDB Server versiones v10.7 y anteriores, permite a atacantes causar una denegación de servicio (DoS) por medio de sentencias SQL especialmente diseñadas A flaw was found... • https://jira.mariadb.org/browse/MDEV-26415 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-46666 – mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause
https://notcve.org/view.php?id=CVE-2021-46666
01 Feb 2022 — MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. MariaDB versiones anteriores a 10.6.2, permite un bloqueo de la aplicación debido a un manejo inapropiado de un pushdown de una cláusula HAVING a una cláusula WHERE MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include an integer overflow vulnerability. • https://jira.mariadb.org/browse/MDEV-25635 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2021-46667 – mariadb: Integer overflow in sql_lex.cc integer leading to crash
https://notcve.org/view.php?id=CVE-2021-46667
01 Feb 2022 — MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. MariaDB versiones anteriores a 10.6.5, presenta un desbordamiento de enteros en el archivo sql_lex.cc, conllevando a un bloqueo de la aplicación An integer overflow vulnerability was found in MariaDB, where an invalid size of ref_pointer_array is allocated. This issue results in a denial of service. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible wit... • https://jira.mariadb.org/browse/MDEV-26350 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46669 – mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used
https://notcve.org/view.php?id=CVE-2021-46669
01 Feb 2022 — MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. MariaDB versiones hasta 10.5.9, permite a atacantes desencadenar un uso de memoria previamente liberada en la función convert_const_to_int es usado el tipo de datos BIGINT A use-after-free vulnerability was found in MariaDB. This flaw allows attackers to trigger a convert_const_to_int() use-after-free when the BIGINT data type is used, resulting in a denial of service. MariaDB is a mul... • https://jira.mariadb.org/browse/MDEV-25638 • CWE-416: Use After Free •