CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 0CVE-2022-21427 – mysql: Server: FTS unspecified vulnerability (CPU Apr 2022)
https://notcve.org/view.php?id=CVE-2022-21427
19 Apr 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-27449 – mariadb: assertion failure in sql/item_func.cc
https://notcve.org/view.php?id=CVE-2022-27449
14 Apr 2022 — MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. Se ha detectado que MariaDB Server versiones v10.9 y anteriores, contienen un fallo de segmentación por medio del componente sql/item_func.cc:148 A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/item_func.cc:148, affecting availability. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-com... • https://jira.mariadb.org/browse/MDEV-28089 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-27445 – mariadb: assertion failure in compare_order_elements
https://notcve.org/view.php?id=CVE-2022-27445
14 Apr 2022 — MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. Se ha detectado que MariaDB Server versiones v10.9 y anteriores, contienen un fallo de segmentación por medio del componente sql/sql_window.cc A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/sql_window.cc, impacting availability. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible w... • https://jira.mariadb.org/browse/MDEV-28081 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-27386 – mariadb: server crashes in query_arena::set_query_arena upon SELECT from view
https://notcve.org/view.php?id=CVE-2022-27386
12 Apr 2022 — MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. Se ha detectado que MariaDB Server versiones v10.7 y anteriores, contienen un fallo de segmentación por medio del componente sql/sql_class.cc A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/sql_class.cc, impacting availability. Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these iss... • https://jira.mariadb.org/browse/MDEV-26406 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-27387 – mariadb: assertion failures in decimal_bin_size
https://notcve.org/view.php?id=CVE-2022-27387
12 Apr 2022 — MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. Se ha detectado que MariaDB Server versiones v10.7 y anteriores, contienen un desbordamiento de búfer global en el componente decimal_bin_size, que es explotada por medio de sentencias SQL especialmente diseñadas A flaw was found in the MariaDB Server. It contains a global buffer overflow in the component, decimal_bin_size, which is exp... • https://jira.mariadb.org/browse/MDEV-26422 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-27385 – mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join
https://notcve.org/view.php?id=CVE-2022-27385
12 Apr 2022 — An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Se ha detectado un problema en el componente Used_tables_and_const_cache::used_tables_and_const_cache_join de MariaDB Server versiones v10.7 y anteriores, permite a atacantes causar una denegación de servicio (DoS) por medio de sentencias SQL especialmente diseñadas A flaw was found... • https://jira.mariadb.org/browse/MDEV-26415 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2022-27384 – mariadb: crash via component Item_subselect::init_expr_cache_tracker
https://notcve.org/view.php?id=CVE-2022-27384
12 Apr 2022 — An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Se ha detectado un problema en el componente Item_subselect::init_expr_cache_tracker de MariaDB Server versiones v10.6 y anteriores, que permite a atacantes causar una Denegación de Servicio (DoS) por medio de sentencias SQL especialmente diseñadas A flaw was found in MariaDB. An issue in the component, ... • https://jira.mariadb.org/browse/MDEV-26047 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2022-27383 – mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c
https://notcve.org/view.php?id=CVE-2022-27383
12 Apr 2022 — MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. Se ha detectado que MariaDB Server versiones v10.6 y anteriores, contienen un uso de memoria previamente liberada en el componente my_strcasecmp_8bit, que es explotada por medio de sentencias SQL especialmente diseñadas A flaw was found in the MariaDB Server. A use-after-free in the component, my_strcasecmp_8bit, can be exploited via special... • https://jira.mariadb.org/browse/MDEV-26323 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-27381 – mariadb: server crash at Field::set_default via specially crafted SQL statements
https://notcve.org/view.php?id=CVE-2022-27381
12 Apr 2022 — An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Se ha detectado un problema en el componente Field::set_default de MariaDB Server versiones v10.6 y anteriores, que permite a atacantes causar una denegación de servicio (DoS) por medio de sentencias SQL especialmente diseñadas A flaw was found in MariaDB. The component, Field::set_default, allows attackers to cause a denial... • https://jira.mariadb.org/browse/MDEV-26061 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-27380 – mariadb: server crash at my_decimal::operator=
https://notcve.org/view.php?id=CVE-2022-27380
12 Apr 2022 — An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Se ha detectado un problema en el componente my_decimal::operator= de MariaDB Server versiones v10.6.3 y anteriores, que permite a atacantes causar una denegación de servicio (DoS) por medio de sentencias SQL especialmente diseñadas A flaw was found in MariaDB. The component, my_decimal::operator=, allows attackers to c... • https://jira.mariadb.org/browse/MDEV-26280 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •