CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3023 – Use of Externally-Controlled Format String in pingcap/tidb
https://notcve.org/view.php?id=CVE-2022-3023
04 Nov 2022 — Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3. Uso de una Cadena de Formato Controlada Externamente en el repositorio de GitHub pingcap/tidb anterior a las versiones 6.4.0 y 6.1.3. • https://github.com/pingcap/tidb/commit/d0376379d615cc8f263a0b17c031ce403c8dcbfb • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31011 – TiDB authentication bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-31011
31 May 2022 — TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local lo... • https://github.com/pingcap/tidb/releases/tag/v5.3.1 • CWE-287: Improper Authentication •