Page 6 of 138 results (0.015 seconds)

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2022-24051 – MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2022-24051

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220318-0004 https://www.zerodayinitiative.com/advisories/ZDI-22-318 https://access.redh • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-134: Use of Externally-Controlled Format String •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2022-24052 – MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2022-24052

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220318-0004 https://www.zerodayinitiative.com/advisories/ZDI-22-367 https://access.redh • CWE-122: Heap-based Buffer Overflow •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1

CVE-2021-46661 – mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)

https://notcve.org/view.php?id=CVE-2021-46661

MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). MariaDB versiones hasta 10.5.9, permite un bloqueo de aplicación en las funciones find_field_in_tables y find_order_in_list por medio de una expresión de tabla común (CTE) no usada • https://jira.mariadb.org/browse/MDEV-25766 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220221-0002 https://access.redhat.com/s • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1

CVE-2021-46664 – mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr

https://notcve.org/view.php?id=CVE-2021-46664

MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. MariaDB versiones hasta 10.5.9, permite un bloqueo de aplicación en la función sub_select_postjoin_aggr por un valor NULL de aggr • https://jira.mariadb.org/browse/MDEV-25761 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220221-0002 https://access.redhat.com/s • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1

CVE-2021-46665 – mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations

https://notcve.org/view.php?id=CVE-2021-46665

MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. MariaDB versiones hasta 10.5.9, permite un bloqueo de la aplicación sql_parse.cc debido a expectativas incorrectas de used_tables • https://jira.mariadb.org/browse/MDEV-25636 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220221-0002 https://access.redhat.com/s • CWE-20: Improper Input Validation •