CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-46666 – mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause
https://notcve.org/view.php?id=CVE-2021-46666
01 Feb 2022 — MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. MariaDB versiones anteriores a 10.6.2, permite un bloqueo de la aplicación debido a un manejo inapropiado de un pushdown de una cláusula HAVING a una cláusula WHERE MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include an integer overflow vulnerability. • https://jira.mariadb.org/browse/MDEV-25635 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2021-46667 – mariadb: Integer overflow in sql_lex.cc integer leading to crash
https://notcve.org/view.php?id=CVE-2021-46667
01 Feb 2022 — MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. MariaDB versiones anteriores a 10.6.5, presenta un desbordamiento de enteros en el archivo sql_lex.cc, conllevando a un bloqueo de la aplicación An integer overflow vulnerability was found in MariaDB, where an invalid size of ref_pointer_array is allocated. This issue results in a denial of service. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible wit... • https://jira.mariadb.org/browse/MDEV-26350 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46668 – mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements
https://notcve.org/view.php?id=CVE-2021-46668
01 Feb 2022 — MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. MariaDB versiones hasta 10.5.9, permite un bloqueo de la aplicación por medio de determinadas sentencias SELECT DISTINCT largas que interactúan inapropiadamente con las limitaciones de recursos del motor de almacenamiento para las estructuras de datos temporales MariaDB is a multi-user, multi-threaded SQL database serv... • https://jira.mariadb.org/browse/MDEV-25787 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46669 – mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used
https://notcve.org/view.php?id=CVE-2021-46669
01 Feb 2022 — MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. MariaDB versiones hasta 10.5.9, permite a atacantes desencadenar un uso de memoria previamente liberada en la función convert_const_to_int es usado el tipo de datos BIGINT A use-after-free vulnerability was found in MariaDB. This flaw allows attackers to trigger a convert_const_to_int() use-after-free when the BIGINT data type is used, resulting in a denial of service. MariaDB is a mul... • https://jira.mariadb.org/browse/MDEV-25638 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-46657 – mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref
https://notcve.org/view.php?id=CVE-2021-46657
29 Jan 2022 — get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. La función get_sort_by_table en MariaDB versiones anteriores a 10.6.2, permite un bloqueo de la aplicación por medio de determinados usos de ORDER BY en la subconsulta MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include an integer overflow vulnerability. • https://jira.mariadb.org/browse/MDEV-25629 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-46658 – mariadb: save_window_function_values triggers an abort during IN subquery
https://notcve.org/view.php?id=CVE-2021-46658
29 Jan 2022 — save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. La función save_window_function_values en MariaDB versiones anteriores a 10.6.3, permite un bloqueo de la aplicación debido al manejo incorrecto de with_window_func=true para una subconsulta MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include an integer overflow vulnerability. • https://jira.mariadb.org/browse/MDEV-25630 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46659 – mariadb: Crash executing query with VIEW, aggregate and subquery
https://notcve.org/view.php?id=CVE-2021-46659
29 Jan 2022 — MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. MariaDB versiones anteriores a 10.7.2 permite un bloqueo de la aplicación porque no reconoce que SELECT_LEX::nest_level es local a cada VIEW Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.34 in Ubuntu 20.04 LTS and to 10.5.15 in Ubuntu 21.10. In addition to security f... • https://jira.mariadb.org/browse/MDEV-25631 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-35604 – mysql: InnoDB unspecified vulnerability (CPU Oct 2021)
https://notcve.org/view.php?id=CVE-2021-35604
20 Oct 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH •
CVSS: 9.8EPSS: 6%CPEs: 14EXPL: 0CVE-2021-2389 – MySQL memcached Plugin Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-2389
20 Jul 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH •
CVSS: 4.4EPSS: 0%CPEs: 15EXPL: 0CVE-2021-2372 – mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
https://notcve.org/view.php?id=CVE-2021-2372
20 Jul 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH •