Vulnerabilities > Mariadb

DATE CVE VULNERABILITY TITLE RISK
2022-02-18 CVE-2022-24052 Heap-based Buffer Overflow vulnerability in multiple products
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability.
local
low complexity
mariadb fedoraproject CWE-122
7.8
7.8
2022-02-01 CVE-2021-46661 MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
local
low complexity
mariadb fedoraproject
5.5
5.5
2022-02-01 CVE-2021-46662 Unspecified vulnerability in Mariadb
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.
local
low complexity
mariadb
2.1
2.1
2022-02-01 CVE-2021-46663 MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
local
low complexity
mariadb fedoraproject
5.5
5.5
2022-02-01 CVE-2021-46664 NULL Pointer Dereference vulnerability in multiple products
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
local
low complexity
mariadb fedoraproject CWE-476
5.5
5.5
2022-02-01 CVE-2021-46665 MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
local
low complexity
mariadb fedoraproject
5.5
5.5
2022-02-01 CVE-2021-46666 Reachable Assertion vulnerability in Mariadb
MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.
local
low complexity
mariadb CWE-617
2.1
2.1
2022-02-01 CVE-2021-46667 Integer Overflow or Wraparound vulnerability in multiple products
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
local
low complexity
mariadb fedoraproject CWE-190
5.5
5.5
2022-02-01 CVE-2021-46668 Resource Exhaustion vulnerability in multiple products
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
local
low complexity
mariadb fedoraproject CWE-400
5.5
5.5
2022-02-01 CVE-2021-46669 Use After Free vulnerability in multiple products
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
network
low complexity
mariadb fedoraproject debian CWE-416
7.5
7.5