CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-46657 – mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref
https://notcve.org/view.php?id=CVE-2021-46657
29 Jan 2022 — get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. La función get_sort_by_table en MariaDB versiones anteriores a 10.6.2, permite un bloqueo de la aplicación por medio de determinados usos de ORDER BY en la subconsulta MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include an integer overflow vulnerability. • https://jira.mariadb.org/browse/MDEV-25629 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46659 – mariadb: Crash executing query with VIEW, aggregate and subquery
https://notcve.org/view.php?id=CVE-2021-46659
29 Jan 2022 — MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. MariaDB versiones anteriores a 10.7.2 permite un bloqueo de la aplicación porque no reconoce que SELECT_LEX::nest_level es local a cada VIEW Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.34 in Ubuntu 20.04 LTS and to 10.5.15 in Ubuntu 21.10. In addition to security f... • https://jira.mariadb.org/browse/MDEV-25631 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0CVE-2021-2144 – mysql: Server: Parser unspecified vulnerability (CPU Apr 2021)
https://notcve.org/view.php?id=CVE-2021-2144
22 Apr 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • https://security.netapp.com/advisory/ntap-20210513-0002 •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2021-2011 – mysql: C API unspecified vulnerability (CPU Jan 2021)
https://notcve.org/view.php?id=CVE-2021-2011
20 Jan 2021 — Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2021-2007 – mysql: C API unspecified vulnerability (CPU Jan 2021)
https://notcve.org/view.php?id=CVE-2021-2007
20 Jan 2021 — Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2020-28912
https://notcve.org/view.php?id=CVE-2020-28912
24 Dec 2020 — With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. This affects MariaDB Server before 10.1.48, 10.2.x be... • https://hackerone.com/reports/1019891 •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2020-14550 – mysql: C API unspecified vulnerability (CPU Jul 2020)
https://notcve.org/view.php?id=CVE-2020-14550
15 Jul 2020 — Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impact... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAI7GRYZ5265JVKHC6VXI57MNJDDB63C •
CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0CVE-2020-2922 – mysql: C API unspecified vulnerability (CPU Apr 2020)
https://notcve.org/view.php?id=CVE-2020-2922
15 Apr 2020 — Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). • https://security.gentoo.org/glsa/202105-27 •
CVSS: 4.9EPSS: 0%CPEs: 23EXPL: 0CVE-2020-2812 – mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
https://notcve.org/view.php?id=CVE-2020-2812
15 Apr 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (A... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0CVE-2020-2780 – mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
https://notcve.org/view.php?id=CVE-2020-2780
15 Apr 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability im... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77REFDB7DE4WNKQIRGZTF53RFBQOXQLC •