Oct 21, 2023 - 3:06 p.m.

Advisory ROSA-SA-2023-2252

2023-10-21 15:06:32
ROSA LAB
abf.rosalinux.ru

CVSS3: 7.5 High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

AI Score: 7.3 High (Confidence: High)

CVSS2: 9 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.209 Low (Percentile: 96.3%)

software: mariadb 10.5.20
OS: ROSA-CHROME

package_evr_string: mariadb-10.5.20-1.src.rpm

CVE-ID: CVE-2018-3284
BDU-ID: 2019-00759
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to resource release errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2021-2372
BDU-ID: 2022-01832
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the MariaDB and MySQL database management system is related to resource release errors. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2021-2389
BDU-ID: 2022-01851
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the InnoDB component of the MariaDB and MySQL database management system is related to resource release errors. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2021-27928
BDU-ID: 2021-03770
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the handling of wsrep_notify_cmd modification in the MariaDB database is related to a lack of input sanitization. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information or cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2021-35604
BDU-ID: 2022-05677
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the InnoDB component of the MariaDB DBMS is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to compromise data integrity as well as cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2021-46657
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: get_sort_by_table in MariaDB before version 10.6.2 allows application crash due to some subqueries using ORDER BY.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2021-46658
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: save_window_function_values in MariaDB before 10.6.3 allows application crash due to improper handling of with_window_func=true for a subquery.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2021-46659
BDU-ID: 2022-01074
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the SELECT_LEX::nest_level component of the MariaDB database management system is related to resource management errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2021-46661
BDU-ID: 2022-05755
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the find_field_in_tables and find_order_in_list components of the MariaDB DBMS is related to resource release errors. Exploitation of the vulnerability allows an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2021-46662
BDU-ID: 2022-05752
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the set_var.cc component of the MariaDB DBMS is related to resource release errors. Exploitation of the vulnerability allows an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2021-46663
BDU-ID: 2022-05710
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the ha_maria::extra component of the MariaDB DBMS is related to resource release errors. Exploitation of the vulnerability allows an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2021-46664
BDU-ID: 2022-05757
CVE-Crit: MEDIUM
CVE-DESC.: MariaDB DBMS vulnerability is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2021-46665
BDU-ID: 2022-05712
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the sql_parse.cc component of the MariaDB DBMS is related to resource release errors. Exploitation of the vulnerability allows an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2021-46666
BDU-ID: 2023-05660
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the MariaDB database management system is related to improper handling of condition transfers from HAVING to WHERE. Exploitation of the vulnerability could allow an attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2021-46667
BDU-ID: 2022-05691
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the sql_lex.cc component of the MariaDB DBMS is related to integer overflow. Exploitation of the vulnerability allows an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2021-46668
BDU-ID: 2022-05704
CVE-Crit: MEDIUM
CVE-DESC.: MariaDB DBMS vulnerability is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2021-46669
BDU-ID: 2022-06894
CVE-Crit: HIGH
CVE-DESC.: MariaDB DBMS vulnerability is related to the use of memory after it has been freed (use-after-free). Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-0778
BDU-ID: 2022-01315
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the BN_mod_sqrt() function of the OpenSSL library involves executing a loop without sufficiently limiting the number of times it can be executed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-21427
BDU-ID: 2022-02805
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability exists in the InnoDB component of the MySQL Server database management system due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service or trigger a crash using network packets
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

CVE-ID: CVE-2022-21451
BDU-ID: 2022-02835
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to resource release errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using MySQL network protocols
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mariadb

OS    Version  Architecture  Package  Version    Filename
ROSA  any      noarch        mariadb  < 10.5.20  UNKNOWN