Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mariadb
(Mariadb)| Repositories |
• https://github.com/MariaDB/server
• https://github.com/mysql/mysql-server • https://github.com/madler/zlib |
| #Vulnerabilities | 399 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-02-01 | CVE-2021-46664 | MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. | Fedora, Mariadb | 5.5 | ||
| 2022-02-01 | CVE-2021-46665 | MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. | Fedora, Mariadb | 5.5 | ||
| 2022-02-01 | CVE-2021-46667 | MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. | Fedora, Mariadb | 5.5 | ||
| 2022-02-01 | CVE-2021-46668 | MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. | Fedora, Mariadb | 5.5 | ||
| 2022-02-01 | CVE-2021-46669 | MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. | Debian_linux, Fedora, Mariadb | 7.5 | ||
| 2022-02-18 | CVE-2022-24048 | MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this... | Fedora, Mariadb | 7.8 | ||
| 2022-02-18 | CVE-2022-24050 | MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and... | Fedora, Mariadb | 7.8 | ||
| 2022-02-18 | CVE-2022-24051 | MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and... | Fedora, Mariadb | 7.8 | ||
| 2022-02-18 | CVE-2022-24052 | MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this... | Fedora, Mariadb | 7.8 | ||
| 2022-03-15 | CVE-2022-0778 | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to... | Debian_linux, Fedora, Mariadb, 500f_firmware, A250_firmware, Cloud_volumes_ontap_mediator, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Santricity_smi\-S_provider, Storagegrid, Node\.js, Openssl, Nessus | 7.5 |