CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46659 – mariadb: Crash executing query with VIEW, aggregate and subquery
https://notcve.org/view.php?id=CVE-2021-46659
29 Jan 2022 — MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. MariaDB versiones anteriores a 10.7.2 permite un bloqueo de la aplicación porque no reconoce que SELECT_LEX::nest_level es local a cada VIEW Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.34 in Ubuntu 20.04 LTS and to 10.5.15 in Ubuntu 21.10. In addition to security f... • https://jira.mariadb.org/browse/MDEV-25631 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-35604 – mysql: InnoDB unspecified vulnerability (CPU Oct 2021)
https://notcve.org/view.php?id=CVE-2021-35604
20 Oct 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2021-2389 – MySQL memcached Plugin Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-2389
20 Jul 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH •
CVSS: 4.4EPSS: 0%CPEs: 15EXPL: 0CVE-2021-2372 – mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
https://notcve.org/view.php?id=CVE-2021-2372
20 Jul 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UTW5KMPPDKIMGB4ULE2HS22HYLVKYIH •
CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 0CVE-2021-2194 – mysql: InnoDB unspecified vulnerability (CPU Apr 2021)
https://notcve.org/view.php?id=CVE-2021-2194
22 Apr 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ •
CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 0CVE-2021-2166 – mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
https://notcve.org/view.php?id=CVE-2021-2166
22 Apr 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ •
CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0CVE-2021-2154 – mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
https://notcve.org/view.php?id=CVE-2021-2154
22 Apr 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPA3CTGXPVWKHMCQDVURK4ETH7GE34KK •
CVSS: 7.2EPSS: 1%CPEs: 12EXPL: 0CVE-2021-2144 – mysql: Server: Parser unspecified vulnerability (CPU Apr 2021)
https://notcve.org/view.php?id=CVE-2021-2144
22 Apr 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • https://security.netapp.com/advisory/ntap-20210513-0002 •
CVSS: 9.0EPSS: 48%CPEs: 7EXPL: 6CVE-2021-27928 – MariaDB 10.2 - 'wsrep_provider' OS Command Execution
https://notcve.org/view.php?id=CVE-2021-27928
19 Mar 2021 — A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. Se detectó un problema de ejecución de código remota en MariaDB versiones 10.2 a... • https://packetstorm.news/files/id/162177 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: 13EXPL: 0CVE-2021-2022 – mysql: InnoDB unspecified vulnerability (CPU Jan 2021)
https://notcve.org/view.php?id=CVE-2021-2022
20 Jan 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impa... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K •