rpm package
suse/mariadb&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
Vulnerabilities (50)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-24048 | Hig | 7.8 | < 10.4.24-3.25.1 | 10.4.24-3.25.1 | Feb 18, 2022 | MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists | |
| CVE-2021-46669 | Hig | 7.5 | < 10.4.25-150200.3.28.1 | 10.4.25-150200.3.28.1 | Feb 1, 2022 | MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. | |
| CVE-2021-46668 | Med | 5.5 | < 10.4.24-3.25.1 | 10.4.24-3.25.1 | Feb 1, 2022 | MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. | |
| CVE-2021-46665 | Med | 5.5 | < 10.4.24-3.25.1 | 10.4.24-3.25.1 | Feb 1, 2022 | MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. | |
| CVE-2021-46664 | Med | 5.5 | < 10.4.24-3.25.1 | 10.4.24-3.25.1 | Feb 1, 2022 | MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. | |
| CVE-2021-46663 | Med | 5.5 | < 10.4.24-3.25.1 | 10.4.24-3.25.1 | Feb 1, 2022 | MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. | |
| CVE-2021-46661 | Med | 5.5 | < 10.4.24-3.25.1 | 10.4.24-3.25.1 | Feb 1, 2022 | MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). | |
| CVE-2021-46659 | Med | 5.5 | < 10.4.24-3.25.1 | 10.4.24-3.25.1 | Jan 29, 2022 | MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. | |
| CVE-2021-46658 | Med | 5.5 | < 10.4.24-3.25.1 | 10.4.24-3.25.1 | Jan 29, 2022 | save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. | |
| CVE-2021-46657 | Med | 5.5 | < 10.4.24-3.25.1 | 10.4.24-3.25.1 | Jan 29, 2022 | get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. |
- affected < 10.4.24-3.25.1fixed 10.4.24-3.25.1
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists
- affected < 10.4.25-150200.3.28.1fixed 10.4.25-150200.3.28.1
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
- affected < 10.4.24-3.25.1fixed 10.4.24-3.25.1
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
- affected < 10.4.24-3.25.1fixed 10.4.24-3.25.1
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
- affected < 10.4.24-3.25.1fixed 10.4.24-3.25.1
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
- affected < 10.4.24-3.25.1fixed 10.4.24-3.25.1
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
- affected < 10.4.24-3.25.1fixed 10.4.24-3.25.1
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
- affected < 10.4.24-3.25.1fixed 10.4.24-3.25.1
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
- affected < 10.4.24-3.25.1fixed 10.4.24-3.25.1
save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.
- affected < 10.4.24-3.25.1fixed 10.4.24-3.25.1
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
Page 3 of 3