The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.

Уязвимость функции call() компонента src/parser.c анализатора потока управления для исходных файлов C Cflow, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании

GNU cflow through 1.6 has a use-after-free in the reference function in parser.c.

GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.

Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.

Segmentation fault krb5-ticket-watcher 1.0.3

Уязвимость утилиты приема и пересылки почты fetchmail, связанная с некорректной инициализацией ресурса, позволяющая нарушителю получить доступ к конфиденциальной информации

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.

Уязвимость функции p11_rpc_buffer_get_byte_array_value библиотеки для работы с модулями PKCS P11-kit, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость в распределении массивов библиотеки для работы с модулями PKCS P11-kit, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции p11_rpc_buffer_get_byte_array библиотеки для работы с модулями PKCS P11-kit, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным

An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.

An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.

Уязвимость веб-сервера Coturn, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость веб-сервера Coturn, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Уязвимость буфера ответа STUN/TURN веб-сервера Coturn, позволяющая нарушителю получить доступ к конфиденциальным данным

Уязвимость веб-сервера Coturn, связанная с некорректной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending a `CONNECT` request with the `XOR-PEER-ADDRESS` value of `0.0.0.0`, a successful response was received and subsequently, `CONNECTIONBIND` also received a successful response. Coturn then is able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either `[::1]` or `[::]` as the peer address. By using the address `0.0.0.0` as the peer address, a malicious user will be able to relay packets to the loopback interface, unless `--denied-peer-ip=0.0.0.0` (or similar) has been specified. Since the default configuration implies that loopback peers are not allowed, coturn administrators may choose to not set the `denied-peer-ip` setting. The issue patched in version 4.5.2. As a workaround the addresses in the address block `0.0.0.0/8`, `[::1]` and `[::]` should be denied by default unless `--allow-loopback-peers` has been specified.

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.

An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.

Уязвимость функции find_color_or_error пакета программ для создания, редактирования и оптимизации GIF-файлов Gifsicle, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.

Уязвимость операционных систем iPadOS, watchOS, iOS, Mac OS, вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код

There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.

xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.

Несовместимость библиотек

Уязвимость системы управления базами данных MariaDB, связана с переполнением буфера в стеке, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента SELECT_LEX::nest_level системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции BN_mod_sqrt() библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость библиотеки zlib, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MariaDB и MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MariaDB и MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента decimal_bin_size системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента sql/sql_class.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Used_tables_and_const_cache::used_tables_and_const_cache_join системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента sql/sql_window.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции xbstream_open системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость метода log_statement_ex (plugin/server_audit/server_audit.c) системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость метода create_worker_threads системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость метода create_worker_threads системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации

Уязвимость функции Item_args::walk_args системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации

Уязвимость функции prepare_inplace_add_virtual системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации

Уязвимость функции Item_func_in::cleanup/Item::cleanup_processor системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации

Уязвимость компонента sub_select системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации

Уязвимость функции st_select_lex_unit::exclude_level системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на доступность защищаемой информации

Уязвимость функции Item_subselect::init_expr_cache_tracker системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации

Уязвимость функции __interceptor_memset (/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc) системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации

Уязвимость функции Item_field::fix_outer_field системы управления базами данных MariaDB, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации

Уязвимость компонента dict0dict.cc системы управления базами данных MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента InnoDB СУБД MariaDB, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

Уязвимость компонента sql_lex.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость СУБД MariaDB, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента ha_maria::extra СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента sql_parse.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента set_var.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонентов find_field_in_tables и find_order_in_list СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость СУБД MariaDB, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента C API системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость СУБД MariaDB, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента my_strcasecmp_8bit СУБД MariaDB, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Item_subselect::init_expr_cache_tracker СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента sql/item_cmpfunc.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции Binary_string::free_buffer() компонента /sql/sql_string.h СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции Binary_string::free_buffer() компонента /sql/sql_string.h СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента /row/row0mysql.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции VDec::VDec компонента /sql/sql_type.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Create_tmp_table::finalize СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Field::set_default СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента sql/item_func.cc СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Item_args::walk_arg СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Arg_comparator::compare_real_fixed СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента my_decimal::operator СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Item_func_in::cleanup() СУБД MariaDB, позволяющая нарушителю вызвать отказ в обслуживании

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.

MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.

MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).

MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.

MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.

MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.

MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.

MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.

MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.

An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.

MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.

MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.

There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.

MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27447. Reason: This candidate is a reservation duplicate of CVE-2022-27447. Notes: All CVE users should reference CVE-2022-27447 instead of this candidate.

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.

MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.

MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.

MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.

MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.

In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.

mysql.lib: CopyLibs: invalid or missing DESTDIR specified

без пакета mariadb-pam пакет mariadb-server нерабочий

Зависит от libmariadb-devel

Уязвимость функции Trunc/Extract фреймворка для веб-разработки Django, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.

На странице с информацией о системе кнопка Яндекс Дзен сплющена