MariaDB 10.3.33

CPE Details

MariaDB 10.3.33
mariadb
mariadb
10.3.33
2022-02-02
11h18 +00:00
2022-02-02
14h29 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:mariadb:mariadb:10.3.33:*:*:*:*:*:*:*

Informations

Vendor

mariadb

Product

mariadb

Version

10.3.33

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-5157 2023-09-26 13h25 +00:00 A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
7.5
Haute
CVE-2022-47015 2023-01-19 23h00 +00:00 MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
6.5
Moyen
CVE-2022-38791 2022-08-26 22h00 +00:00 In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.
5.5
Moyen
CVE-2022-32088 2022-07-01 17h10 +00:00 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.
7.5
Haute
CVE-2022-32087 2022-07-01 17h10 +00:00 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
7.5
Haute
CVE-2022-32085 2022-07-01 17h10 +00:00 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
7.5
Haute
CVE-2022-32083 2022-07-01 17h10 +00:00 MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.
7.5
Haute
CVE-2022-32084 2022-06-30 22h00 +00:00 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
7.5
Haute
CVE-2022-32091 2022-06-30 22h00 +00:00 MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
7.5
Haute
CVE-2022-21427 2022-04-19 18h37 +00:00 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
4.9
Moyen
CVE-2022-27456 2022-04-14 10h57 +00:00 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
7.5
Haute
CVE-2022-27452 2022-04-14 10h57 +00:00 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
7.5
Haute
CVE-2022-27448 2022-04-14 10h56 +00:00 There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
7.5
Haute
CVE-2022-27449 2022-04-14 10h56 +00:00 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
7.5
Haute
CVE-2022-27447 2022-04-14 10h56 +00:00 MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.
7.5
Haute
CVE-2022-27445 2022-04-14 10h56 +00:00 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
7.5
Haute
CVE-2022-27386 2022-04-12 17h14 +00:00 MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.
7.5
Haute
CVE-2022-27387 2022-04-12 17h14 +00:00 MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.
7.5
Haute
CVE-2022-27384 2022-04-12 17h14 +00:00 An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
7.5
Haute
CVE-2022-27383 2022-04-12 17h14 +00:00 MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.
7.5
Haute
CVE-2022-27380 2022-04-12 17h14 +00:00 An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
7.5
Haute
CVE-2022-27381 2022-04-12 17h14 +00:00 An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
7.5
Haute
CVE-2022-27378 2022-04-12 17h14 +00:00 An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
7.5
Haute
CVE-2022-27379 2022-04-12 17h14 +00:00 An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
7.5
Haute
CVE-2022-27377 2022-04-12 17h14 +00:00 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.
7.5
Haute
CVE-2022-27376 2022-04-12 17h14 +00:00 MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.
7.5
Haute
CVE-2018-25032 2022-03-24 23h00 +00:00 zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
7.5
Haute
CVE-2021-46661 2022-02-01 00h48 +00:00 MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
5.5
Moyen
CVE-2021-46663 2022-02-01 00h47 +00:00 MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
5.5
Moyen
CVE-2021-46664 2022-02-01 00h47 +00:00 MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
5.5
Moyen
CVE-2021-46665 2022-02-01 00h47 +00:00 MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
5.5
Moyen
CVE-2021-46668 2022-02-01 00h46 +00:00 MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
5.5
Moyen
CVE-2021-46669 2022-02-01 00h46 +00:00 MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
7.5
Haute
CVE-2017-12419 2017-08-05 13h00 +00:00 If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in php.ini mysqli.allow_local_infile, or the MySQL client config file, depending on the PHP setup), an attacker may take advantage of MySQL's "connect file read" feature to remotely access files on the MantisBT server.
4.9
Moyen