CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-32081 – mariadb: use-after-poison in prepare_inplace_add_virtual in handler0alter.cc
https://notcve.org/view.php?id=CVE-2022-32081
01 Jul 2022 — MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. Se ha detectado que MariaDB versiones v10.4 a v10.7, contiene un error de uso en prepare_inplace_add_virtual en /storage/innobase/handler/handler0alter.cc Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected. • https://jira.mariadb.org/browse/MDEV-26420 • CWE-229: Improper Handling of Values CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2022-32082 – mariadb: assertion failure at table->get_ref_count() == 0 in dict0dict.cc
https://notcve.org/view.php?id=CVE-2022-32082
01 Jul 2022 — MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. Se ha detectado que MariaDB v10.5 a v10.7, contiene un fallo de aserción en la función table-)get_ref_count() == 0 en el archivo dict0dict.cc Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected. • https://jira.mariadb.org/browse/MDEV-26433 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2022-32084 – mariadb: segmentation fault via the component sub_select
https://notcve.org/view.php?id=CVE-2022-32084
01 Jul 2022 — MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. Se ha detectado que MariaDB versiones v10.2 a v10.7, contiene un fallo de segmentación por medio del componente sub_select Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected. • https://jira.mariadb.org/browse/MDEV-26427 • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-32089 – mariadb: server crash in st_select_lex_unit::exclude_level
https://notcve.org/view.php?id=CVE-2022-32089
01 Jul 2022 — MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. Se ha detectado que MariaDB versiones v10.5 a v10.7, contiene un fallo de segmentación por medio del componente st_select_lex_unit::exclude_level Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected. • https://jira.mariadb.org/browse/MDEV-26410 • CWE-229: Improper Handling of Values •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2022-32091 – mariadb: server crash in JOIN_CACHE::free or in copy_fields
https://notcve.org/view.php?id=CVE-2022-32091
01 Jul 2022 — MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. Se ha detectado que MariaDB v10.7, contiene un error de uso en la función __interceptor_memset en el archivo /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected. • https://jira.mariadb.org/browse/MDEV-26431 • CWE-229: Improper Handling of Values CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31624 – mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c
https://notcve.org/view.php?id=CVE-2022-31624
25 May 2022 — MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación de servicio. Mientras es ejecutado el método log_statement_ex del archivo plugin/server_audit/server_audit.c, el bloqueo mantenido lock_bigbuffer no es liberado ... • https://github.com/MariaDB/server/commit/d627d00b13ab2f2c0954ea7b77202470cb102944 • CWE-404: Improper Resource Shutdown or Release CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31621 – mariadb: improper locking due to unreleased lock in the ds_xbstream.cc
https://notcve.org/view.php?id=CVE-2022-31621
25 May 2022 — MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación de servicio. En ... • https://github.com/MariaDB/server/commit/b1351c15946349f9daa7e5297fb2ac6f3139e4a8 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31622 – mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
https://notcve.org/view.php?id=CVE-2022-31622
25 May 2022 — MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación ... • https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2 • CWE-404: Improper Resource Shutdown or Release CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31623 – mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc
https://notcve.org/view.php?id=CVE-2022-31623
25 May 2022 — MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. MariaDB Server versiones anteriores a 10.7, es vulnerable a una deneg... • https://github.com/MariaDB/server/commit/7c30bc38a588b22b01f11130cfe99e7f36accf94 • CWE-667: Improper Locking •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-27456 – mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc
https://notcve.org/view.php?id=CVE-2022-27456
14 Apr 2022 — MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. Se ha detectado que MariaDB Server versiones v10.6.3 y anteriores, contienen un uso de memoria previamente liberada en el componente VDec::VDec en /sql/sql_type.cc A flaw was found in the MariaDB Server. It contains a use-after-free in the component, VDec::VDec at /sql/sql_type.cc, affecting availability. MariaDB is a multi-user, multi-threaded SQL database server. For all practical ... • https://jira.mariadb.org/browse/MDEV-28093 • CWE-416: Use After Free CWE-617: Reachable Assertion •