CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-46662 – mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries
https://notcve.org/view.php?id=CVE-2021-46662
01 Feb 2022 — MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. MariaDB versiones hasta 10.5.9, permite un bloqueo de la aplicación set_var.cc por medio de determinados usos de una sentencia UPDATE junto con una subconsulta anidada MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include an integer overflow vulnerability. • https://jira.mariadb.org/browse/MDEV-25637 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46663 – mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements
https://notcve.org/view.php?id=CVE-2021-46663
01 Feb 2022 — MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. MariaDB versiones hasta 10.5.13, permite un bloqueo de la aplicación ha_maria::extra por medio de determinadas sentencias SELECT MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities. • https://jira.mariadb.org/browse/MDEV-26351 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46664 – mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr
https://notcve.org/view.php?id=CVE-2021-46664
01 Feb 2022 — MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. MariaDB versiones hasta 10.5.9, permite un bloqueo de aplicación en la función sub_select_postjoin_aggr por un valor NULL de aggr MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities. • https://jira.mariadb.org/browse/MDEV-25761 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46665 – mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations
https://notcve.org/view.php?id=CVE-2021-46665
01 Feb 2022 — MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. MariaDB versiones hasta 10.5.9, permite un bloqueo de la aplicación sql_parse.cc debido a expectativas incorrectas de used_tables Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.34 in Ubuntu 20.04 LTS and to 10.5.15 in Ubuntu 21.10. In addition to security fixes, the updated packages conta... • https://jira.mariadb.org/browse/MDEV-25636 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-46666 – mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause
https://notcve.org/view.php?id=CVE-2021-46666
01 Feb 2022 — MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. MariaDB versiones anteriores a 10.6.2, permite un bloqueo de la aplicación debido a un manejo inapropiado de un pushdown de una cláusula HAVING a una cláusula WHERE MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include an integer overflow vulnerability. • https://jira.mariadb.org/browse/MDEV-25635 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2021-46667 – mariadb: Integer overflow in sql_lex.cc integer leading to crash
https://notcve.org/view.php?id=CVE-2021-46667
01 Feb 2022 — MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. MariaDB versiones anteriores a 10.6.5, presenta un desbordamiento de enteros en el archivo sql_lex.cc, conllevando a un bloqueo de la aplicación An integer overflow vulnerability was found in MariaDB, where an invalid size of ref_pointer_array is allocated. This issue results in a denial of service. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible wit... • https://jira.mariadb.org/browse/MDEV-26350 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46668 – mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements
https://notcve.org/view.php?id=CVE-2021-46668
01 Feb 2022 — MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. MariaDB versiones hasta 10.5.9, permite un bloqueo de la aplicación por medio de determinadas sentencias SELECT DISTINCT largas que interactúan inapropiadamente con las limitaciones de recursos del motor de almacenamiento para las estructuras de datos temporales MariaDB is a multi-user, multi-threaded SQL database serv... • https://jira.mariadb.org/browse/MDEV-25787 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46669 – mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used
https://notcve.org/view.php?id=CVE-2021-46669
01 Feb 2022 — MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. MariaDB versiones hasta 10.5.9, permite a atacantes desencadenar un uso de memoria previamente liberada en la función convert_const_to_int es usado el tipo de datos BIGINT A use-after-free vulnerability was found in MariaDB. This flaw allows attackers to trigger a convert_const_to_int() use-after-free when the BIGINT data type is used, resulting in a denial of service. MariaDB is a mul... • https://jira.mariadb.org/browse/MDEV-25638 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-46657 – mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref
https://notcve.org/view.php?id=CVE-2021-46657
29 Jan 2022 — get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. La función get_sort_by_table en MariaDB versiones anteriores a 10.6.2, permite un bloqueo de la aplicación por medio de determinados usos de ORDER BY en la subconsulta MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include an integer overflow vulnerability. • https://jira.mariadb.org/browse/MDEV-25629 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-46658 – mariadb: save_window_function_values triggers an abort during IN subquery
https://notcve.org/view.php?id=CVE-2021-46658
29 Jan 2022 — save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. La función save_window_function_values en MariaDB versiones anteriores a 10.6.3, permite un bloqueo de la aplicación debido al manejo incorrecto de with_window_func=true para una subconsulta MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include an integer overflow vulnerability. • https://jira.mariadb.org/browse/MDEV-25630 • CWE-20: Improper Input Validation •