CVE-2021-46657 – mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref
https://notcve.org/view.php?id=CVE-2021-46657
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. La función get_sort_by_table en MariaDB versiones anteriores a 10.6.2, permite un bloqueo de la aplicación por medio de determinados usos de ORDER BY en la subconsulta • https://jira.mariadb.org/browse/MDEV-25629 https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220221-0002 https://access.redhat.com/security/cve/CVE-2021-46657 https://bugzilla.redhat.com/show_bug.cgi?id=2049305 • CWE-20: Improper Input Validation •
CVE-2021-46659 – mariadb: Crash executing query with VIEW, aggregate and subquery
https://notcve.org/view.php?id=CVE-2021-46659
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. MariaDB versiones anteriores a 10.7.2 permite un bloqueo de la aplicación porque no reconoce que SELECT_LEX::nest_level es local a cada VIEW • https://jira.mariadb.org/browse/MDEV-25631 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220311-0003 https://access.redhat.com/s • CWE-20: Improper Input Validation •
CVE-2021-2144 – mysql: Server: Parser unspecified vulnerability (CPU Apr 2021)
https://notcve.org/view.php?id=CVE-2021-2144
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • https://security.netapp.com/advisory/ntap-20210513-0002 https://www.oracle.com/security-alerts/cpuapr2021.html https://access.redhat.com/security/cve/CVE-2021-2144 https://bugzilla.redhat.com/show_bug.cgi?id=1951749 •
CVE-2021-2022 – mysql: InnoDB unspecified vulnerability (CPU Jan 2021)
https://notcve.org/view.php?id=CVE-2021-2022
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20210219-0003 https://www.oracle.com/security-alerts/cpujan2021.html https://access.redhat.com/security/cve/CVE-2021-2022 https://bugzilla.redhat.com/show_bug.cgi?id=1922389 •
CVE-2021-2011 – mysql: C API unspecified vulnerability (CPU Jan 2021)
https://notcve.org/view.php?id=CVE-2021-2011
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20210622-0001 https://www.oracle.com/security-alerts/cpujan2021.html https://access.redhat.com/security/cve/CVE-2021-2011 https://bugzilla.redhat.com/show_bug.cgi?id=1922384 •