Filtered by vendor Mariadb
Subscriptions
Total
405 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-46662 | 2 Mariadb, Redhat | 4 Mariadb, Enterprise Linux, Rhel Eus and 1 more | 2024-08-04 | 5.5 Medium |
| MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. | ||||
| CVE-2021-46657 | 2 Mariadb, Redhat | 4 Mariadb, Enterprise Linux, Rhel Eus and 1 more | 2024-08-04 | 5.5 Medium |
| get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. | ||||
| CVE-2021-46658 | 2 Mariadb, Redhat | 4 Mariadb, Enterprise Linux, Rhel Eus and 1 more | 2024-08-04 | 5.5 Medium |
| save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. | ||||
| CVE-2021-27928 | 5 Debian, Galeracluster, Mariadb and 2 more | 8 Debian Linux, Wsrep, Mariadb and 5 more | 2024-08-03 | 7.2 High |
| A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. | ||||
| CVE-2022-47015 | 2 Mariadb, Redhat | 3 Mariadb, Enterprise Linux, Rhel Software Collections | 2024-08-03 | 6.5 Medium |
| MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. | ||||
| CVE-2022-38791 | 3 Fedoraproject, Mariadb, Redhat | 4 Fedora, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 5.5 Medium |
| In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. | ||||
| CVE-2022-31622 | 2 Mariadb, Redhat | 3 Mariadb, Enterprise Linux, Rhel Software Collections | 2024-08-03 | 5.5 Medium |
| MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. | ||||
| CVE-2022-32085 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.5 High |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. | ||||
| CVE-2022-32087 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.5 High |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. | ||||
| CVE-2022-32091 | 4 Debian, Fedoraproject, Mariadb and 1 more | 5 Debian Linux, Fedora, Mariadb and 2 more | 2024-08-03 | 7.5 High |
| MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. | ||||
| CVE-2022-32088 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.5 High |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. | ||||
| CVE-2022-32086 | 2 Mariadb, Redhat | 2 Mariadb, Rhel Software Collections | 2024-08-03 | 7.5 High |
| MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. | ||||
| CVE-2022-32089 | 3 Fedoraproject, Mariadb, Redhat | 4 Fedora, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.5 High |
| MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. | ||||
| CVE-2022-32083 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.5 High |
| MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. | ||||
| CVE-2022-32081 | 3 Fedoraproject, Mariadb, Redhat | 4 Fedora, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.5 High |
| MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. | ||||
| CVE-2022-32084 | 4 Debian, Fedoraproject, Mariadb and 1 more | 5 Debian Linux, Fedora, Mariadb and 2 more | 2024-08-03 | 7.5 High |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. | ||||
| CVE-2022-32082 | 3 Fedoraproject, Mariadb, Redhat | 4 Fedora, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.5 High |
| MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. | ||||
| CVE-2022-31624 | 2 Mariadb, Redhat | 4 Mariadb, Enterprise Linux, Rhel Eus and 1 more | 2024-08-03 | 5.5 Medium |
| MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. | ||||
| CVE-2022-27449 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.5 High |
| MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. | ||||
| CVE-2022-27456 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-08-03 | 7.5 High |
| MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. | ||||