CVSS: 4.6EPSS: 0%CPEs: 10EXPL: 0CVE-2022-21595 – mysql: C API unspecified vulnerability (CPU Oct 2022)
https://notcve.org/view.php?id=CVE-2022-21595
18 Oct 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). • https://security.netapp.com/advisory/ntap-20221028-0013 •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-38791 – mariadb: compress_write() fails to release mutex on failure
https://notcve.org/view.php?id=CVE-2022-38791
27 Aug 2022 — In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. En MariaDB versiones anteriores a 10.9.2, la función compress_write en el archivo extra/mariabackup/ds_compress.cc no libera data_mutex tras un fallo de escritura en el flujo, lo que permite a usuarios locales desencadenar un bloqueo. Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitr... • https://jira.mariadb.org/browse/MDEV-28719 • CWE-667: Improper Locking •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-32088 – mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort
https://notcve.org/view.php?id=CVE-2022-32088
01 Jul 2022 — MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. Se ha detectado que MariaDB versiones v10.2 a v10.7, contiene un fallo de segmentación por el componente Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after... • https://jira.mariadb.org/browse/MDEV-26419 • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-32087 – mariadb: server crash in Item_args::walk_args
https://notcve.org/view.php?id=CVE-2022-32087
01 Jul 2022 — MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. Se ha detectado que MariaDB versiones v10.2 a v10.7, contiene un fallo de segmentación por medio del componente Item_args::walk_args Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.37 in Ubuntu 20.04 LTS and to 10.6.11 in Ubuntu 22.04 LTS and Ubuntu 22.10. In addition to security fixes, th... • https://jira.mariadb.org/browse/MDEV-26437 • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-32086 – mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT
https://notcve.org/view.php?id=CVE-2022-32086
01 Jul 2022 — MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. Se ha detectado que MariaDB versiones v10.4 a v10.8, contiene un fallo de segmentación por medio del componente Item_field::fix_outer_field MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities. • https://jira.mariadb.org/browse/MDEV-26412 • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-32085 – mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor
https://notcve.org/view.php?id=CVE-2022-32085
01 Jul 2022 — MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. Se ha detectado que MariaDB versiones v10.2 a v10.7, contiene un fallo de segmentación por medio del componente Item_func_in::cleanup/Item::cleanup_processor MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities. • https://jira.mariadb.org/browse/MDEV-26407 • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-32083 – mariadb: server crash at Item_subselect::init_expr_cache_tracker
https://notcve.org/view.php?id=CVE-2022-32083
01 Jul 2022 — MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. Se ha detectado que MariaDB versiones v10.2 a v10.6.1 contiene un fallo de segmentación por medio del componente Item_subselect::init_expr_cache_tracker Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.37 in Ubuntu 20.04 LTS and to 10.6.11 in Ubuntu 22.04 LTS and Ubuntu... • https://jira.mariadb.org/browse/MDEV-26047 • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-32081 – mariadb: use-after-poison in prepare_inplace_add_virtual in handler0alter.cc
https://notcve.org/view.php?id=CVE-2022-32081
01 Jul 2022 — MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. Se ha detectado que MariaDB versiones v10.4 a v10.7, contiene un error de uso en prepare_inplace_add_virtual en /storage/innobase/handler/handler0alter.cc Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected. • https://jira.mariadb.org/browse/MDEV-26420 • CWE-229: Improper Handling of Values CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2022-32082 – mariadb: assertion failure at table->get_ref_count() == 0 in dict0dict.cc
https://notcve.org/view.php?id=CVE-2022-32082
01 Jul 2022 — MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. Se ha detectado que MariaDB v10.5 a v10.7, contiene un fallo de aserción en la función table-)get_ref_count() == 0 en el archivo dict0dict.cc Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected. • https://jira.mariadb.org/browse/MDEV-26433 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2022-32084 – mariadb: segmentation fault via the component sub_select
https://notcve.org/view.php?id=CVE-2022-32084
01 Jul 2022 — MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. Se ha detectado que MariaDB versiones v10.2 a v10.7, contiene un fallo de segmentación por medio del componente sub_select Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected. • https://jira.mariadb.org/browse/MDEV-26427 • CWE-229: Improper Handling of Values •