Errata ALT-PU-2021-2222-1: Information
Fixes
Published: April 20, 2021
BDU:2021-02467
Уязвимость компонента Server: DML системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 20, 2021
BDU:2021-02468
Уязвимость компонента Server: DML системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: March 19, 2021
BDU:2021-03770
Уязвимость модификации wsrep_notify_cmd базы данных MariaDB, связанная с отсутствием мер по очистке входных данных, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
Severity: HIGH (7.2) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Nov. 15, 2021
BDU:2022-02835
Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.4) Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 23, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2021-2154
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 23, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2021-2166
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: March 19, 2021
Modified: May 3, 2022
Modified: May 3, 2022
CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.
Severity: HIGH (7.2) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links:
- https://mariadb.com/kb/en/mariadb-1059-release-notes/
- https://mariadb.com/kb/en/mariadb-10237-release-notes/
- https://jira.mariadb.org/browse/MDEV-25179
- https://mariadb.com/kb/en/security/
- https://mariadb.com/kb/en/mariadb-10418-release-notes/
- https://mariadb.com/kb/en/mariadb-10328-release-notes/
- [debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update
- http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html
- GLSA-202105-28
Published: Jan. 30, 2022
Modified: July 12, 2022
Modified: July 12, 2022
CVE-2021-46657
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Feb. 1, 2022
Modified: April 13, 2022
Modified: April 13, 2022
CVE-2021-46666
MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 20, 2022
Modified: Sept. 21, 2022
Modified: Sept. 21, 2022
CVE-2022-21451
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Links: