CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2022-32084 – mariadb: segmentation fault via the component sub_select
https://notcve.org/view.php?id=CVE-2022-32084
01 Jul 2022 — MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. Se ha detectado que MariaDB versiones v10.2 a v10.7, contiene un fallo de segmentación por medio del componente sub_select Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected. • https://jira.mariadb.org/browse/MDEV-26427 • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-32089 – mariadb: server crash in st_select_lex_unit::exclude_level
https://notcve.org/view.php?id=CVE-2022-32089
01 Jul 2022 — MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. Se ha detectado que MariaDB versiones v10.5 a v10.7, contiene un fallo de segmentación por medio del componente st_select_lex_unit::exclude_level Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected. • https://jira.mariadb.org/browse/MDEV-26410 • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2022-32091 – mariadb: server crash in JOIN_CACHE::free or in copy_fields
https://notcve.org/view.php?id=CVE-2022-32091
01 Jul 2022 — MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. Se ha detectado que MariaDB v10.7, contiene un error de uso en la función __interceptor_memset en el archivo /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected. • https://jira.mariadb.org/browse/MDEV-26431 • CWE-229: Improper Handling of Values CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31624 – mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c
https://notcve.org/view.php?id=CVE-2022-31624
25 May 2022 — MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación de servicio. Mientras es ejecutado el método log_statement_ex del archivo plugin/server_audit/server_audit.c, el bloqueo mantenido lock_bigbuffer no es liberado ... • https://github.com/MariaDB/server/commit/d627d00b13ab2f2c0954ea7b77202470cb102944 • CWE-404: Improper Resource Shutdown or Release CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31623 – mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
https://notcve.org/view.php?id=CVE-2022-31623
25 May 2022 — MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. MariaDB Server versiones anteriores a 10.7, es vulnerable a una deneg... • https://github.com/MariaDB/server/commit/7c30bc38a588b22b01f11130cfe99e7f36accf94 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31621 – mariadb: improper locking due to unreleased lock in the ds_xbstream.cc
https://notcve.org/view.php?id=CVE-2022-31621
25 May 2022 — MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación de servicio. En ... • https://github.com/MariaDB/server/commit/b1351c15946349f9daa7e5297fb2ac6f3139e4a8 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31622 – mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
https://notcve.org/view.php?id=CVE-2022-31622
25 May 2022 — MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación ... • https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2 • CWE-404: Improper Resource Shutdown or Release CWE-667: Improper Locking •
CVSS: 4.4EPSS: 0%CPEs: 11EXPL: 0CVE-2022-21451 – mysql: InnoDB unspecified vulnerability (CPU Apr 2022)
https://notcve.org/view.php?id=CVE-2022-21451
19 Apr 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). • https://security.netapp.com/advisory/ntap-20220429-0005 •
CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 0CVE-2022-21427 – mysql: Server: FTS unspecified vulnerability (CPU Apr 2022)
https://notcve.org/view.php?id=CVE-2022-21427
19 Apr 2022 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-27456 – mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc
https://notcve.org/view.php?id=CVE-2022-27456
14 Apr 2022 — MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. Se ha detectado que MariaDB Server versiones v10.6.3 y anteriores, contienen un uso de memoria previamente liberada en el componente VDec::VDec en /sql/sql_type.cc A flaw was found in the MariaDB Server. It contains a use-after-free in the component, VDec::VDec at /sql/sql_type.cc, affecting availability. MariaDB is a multi-user, multi-threaded SQL database server. For all practical ... • https://jira.mariadb.org/browse/MDEV-28093 • CWE-416: Use After Free CWE-617: Reachable Assertion •